Tip: How to stop relying on only passwords

SplashData released its list of the most popular (and therefore worst) passwords. Fear not – two-factor authentication can help.

Kacper Pempel
File - Illustration picture of computer keyboard with letters stacked forming the word 'password' taken in Warsaw

SplashData released its fourth annual list of the most common Internet passwords, or, as it has been come to be known: “The Worst Password List."

The 2014 list of worst passwords revealed itself to be mostly unchanged since last year. The No. 1 spot still belongs to “123456." The classic password “password” held strong at No. 2. And “12345” rose from seventh place to third. (Getting clever guys!)

Some of the new favorites included “baseball,” “access,” “mustang,” and, for some reason, “michael.”

With the release of this year's list, there has been a collective, frustrated sigh from the media. The responses have varied from labeling it “embarrassing,” “awful,” and “horrible” to flat out begging the Internet to stop using these passwords.

But there is light. As the report goes on to say, the passwords on the top 25 list only accounted for 2.2 percent of all Internet passwords that SplashData researched. The list, which collects most of its data from North America and Europe, shows a trend of people moving away from these basic, overused passwords, says Mark Burnett, online security expert and author of “Perfect Passwords.”

"The bad news from my research is that this year's most commonly used passwords are pretty consistent with prior years,” says Mr. Burnett in a statement. “While [2.2 percent of Internet users is] still frightening, that's the lowest percentage of people using the most common passwords I have seen in recent studies."

While some people may never understand the importance of choosing a strong password, SplashData complied a list of ways to pick a solid password.

The site recommended you avoid using baby-name books, sports and sports teams, and birthday years (1989 through 1992 all made it in the top 100).

Its top recommendations included avoiding sequences like “ 'qwertyuiop,’ which is the top row of letters on a standard keyboard, or ‘1qaz2wsx’ which comprises the first two ‘columns’ of numbers and letters on a keyboard.”

“Passwords based on simple patterns on your keyboard remain popular despite how weak they are,” says Morgan Slain, chief executive officer of SplashData, in a statement. “As more websites require stronger passwords or combinations of letters and numbers, longer keyboard patterns are becoming common passwords, and they are still not secure.”

While many were left banging their heads against a wall, in the current state of online privacy, some have criticized the use of passwords altogether.

In a 2012 Wired article, Mat Honan wrote about how hackers targeted and cracked his password-protected accounts by finding ways to circumvent those passwords. His article highlights some of the biggest issues with passwords.

"Those security lapses are my fault, and I deeply, deeply regret them," Mr. Honan wrote. "But what happened to me exposes vital security flaws in several customer service systems, most notably Apple's and Amazon's."

Apple and Amazon quickly stepped up their security after the release of the article.

Honan's tale is a chilling reminder of how our connected devices can easily be breached, but there are steps you can take to protect important accounts.

The first and most obvious step is to have a complicated password that cannot be linked to your online history. It is also important to use different passwords for each account, which can be a pain, but is crucial.

Another step is using companies that require two-factor authentication (2FA), which means adding an extra (but simple) step to your login process. Entering a username and password would be considered single authorization. But many services, such as Twitter and Google, now offer ways to provide a second form of authorization – one that's not based on a password. For example, before you log into Gmail on a new PC, Google can text-message a code to your phone, that you can then type into the computer to gain access to your inbox. This way, opening your accounts requires both something you know (the password) and something that you have (the mobile phone). Thieves might crack through one barrier of defense, but it's much more difficult for them to tackle both without you realizing.

[Editor's note: This article has been changed to correct a typo. Despite what the piece originally said, it is important to use different passwords for each of you online account.]

You've read  of  free articles. Subscribe to continue.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.