Are lazy staff compromising your online security?

by HCA05 Nov 2012

A new list has been compiled based on files containing millions of stolen passwords posted online by hackers – any company using any of the passwords on the list should change them immediately.

In a case of ‘why break a window when you can go through the front door’, SplashData CEO Morgan Slain said despite hacking tools becoming ever more sophisticated, hackers and thieves still tend to prefer easy targets. “Just a little bit more effort in choosing better passwords will go a long way toward making you safer online,” Slain said.

According to SplashData’s annual list of the most common passwords used on the internet and posted by hackers, users of the following 25 passwords are most likely to be hacked:

password (unchanged from 2011's top 25)

123456 (unchanged)

12345678 (unchanged)

abc123 (up 1)

qwerty (down 1)

monkey (unchanged)

letmein (up 1)

dragon (up 2)

111111 (up 3)

baseball (up 1)

iloveyou (up 2)

trustno1 (down 3)

1234567 (down 6)

sunshine (up 1)

master (down 1)

123123 (up 4)

welcome (new)

shadow (up 1)

ashley (down 3)

football (up 5)

jesus (new)

michael (up 2)

ninja (new)

mustang (new)

password1 (new)

So how can your organisation’s employees make their passwords more secure? SplashData made the following suggestions:

  1. Use passwords of eight characters or more with mixed types of characters. One way to create longer, more secure passwords that are easy to remember is to use short words with spaces or other characters separating them. For example, ‘eat cake at 8!’ or ‘car_park_city?’
  2. Avoid using the same username/password combination for multiple websites. Especially risky is using the same password for entertainment sites that you do for online email, social networking, and financial services. Use different passwords for each new website or service you sign up for.
  3. Having trouble remembering all those different passwords? Try using a password manager application that organises and protects passwords and can automatically log you into websites. There are numerous applications available, but choose one with a strong track record of reliability and security.


  • by Tracey Holdsworth 5/11/2012 2:17:48 PM

    Thanks for this article. We are looking at providing staff with training on web security and internet pitfalls. Do you know of any providers who can deliver this on-line?

  • by Tarran Deane 6/11/2012 11:19:54 AM

    A great article and terrific for both corporates, community groups & small enterprises.
    Tracey Holdsworth - you might find value in checking out Brad Hauck's Diploma of Internet Marketing through the Australian Institute of internet Marketing

Most Read