25 Of The Worst Passwords For 2011

Good and Bad Passwords – Create Complex Passwords for the Best Security

Excerpted from PC Mag

"Whenever simple passwords are discussed, the following story always comes up. Five years ago, a group of Slovak hackers hacked Slovakia’s National Security Bureau (abbreviated NBU), which stores tons of classified information. It was an easy hack. The NBU’s master login/password was simply nbusr/nbusr123. After cracking it, the hackers publicized the information, much to the NBU’s embarrassment.

What’s even worse? Days later, the password was still "nbu123."

That was five years ago, but bad passwords still abound. SplashData, a password management app maker, compiled a list of the 25 worst passwords of 2011, based on millions of stolen passwords that were dumped online. Typically after hackers compromise a server, like Sony’s or CIA.gov’s, they post all these personal details online.

Many of the passwords are sequential numbers like "12345" or "654321," while others contained messages like "letmein" and "trustno1". Even if you thought you were being clever with "qazwsx," (look at your keyboard, you’ll get it) it’s number 23 on the list. "Monkey," "password," and "qwerty" are ALWAYS on these lists. I know I’m preaching to the choir here but, seriously?

1. password
2. 123456
3. 12345678
4. qwerty
5. abc123
6. monkey
7. 1234567
8. letmein
9. trustno1
10. dragon
11. baseball
12. 111111
13. iloveyou
14. master
15. sunshine
16. ashley
17. bailey
18. passw0rd
19. shadow
20. 123123
21. 654321
22. superman
23. qazwsx
24. michael
25. football

Having a tough-to-crack password won’t thwart a sophisticated cybercriminal, who can use other methods to breach a server in which passwords are stored. But a solid password will at least deter the lowest common denominator like a nosy partner or a low-level hacker using a dictionary attack that simply tries thousands of passwords."

So what is a good password then? 

Here are some rules and some examples:

A secure password will contain a combination of upper and lower case characters, numbers, and special characters like "@" and "#". This makes guessing the password much harder, and guards against a standard dictionary attack.

As for remembering such a password, there are some tricks that can make it easier. Let’s take a very simple password like "freddie". If we change the case of a letter (I recommend a letter other than the first one, as that may be done in a dictionary attack), we get something like "freDDie". Better, but not great. Now substitute a number for a letter, and get "fr3DDie". Then a special character, and you get "fr3DD!e". That is a much more secure password, and yet is still easy to remember.

To summarize:

  • Don’t use passwords that are based on personal information that can be easily accessed or guessed

  • Don’t use words that can be found in any dictionary of any language

  • Use both lowercase and capital letters

  • Use a combination of letters, numbers, and special characters

  • Use different passwords on different systems

After all, your system and its information are only as secure as the weakest security link, and a weak password is a sure way to invite hackers into your system.
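The rules summarized above can be enforced when a password is set. The following is an added example, not code from PC Mag or SplashData: a Python checker that rejects the 25 listed passwords (including variants that differ only by case or common character substitutions), flags personal information, and requires all four character classes. The function names, the substitution table, and the `personal` parameter are assumptions made for illustration.

```python
import string

# The 25 worst passwords of 2011, as listed on this page.
WORST_2011 = [
    "password", "123456", "12345678", "qwerty", "abc123", "monkey",
    "1234567", "letmein", "trustno1", "dragon", "baseball", "111111",
    "iloveyou", "master", "sunshine", "ashley", "bailey", "passw0rd",
    "shadow", "123123", "654321", "superman", "qazwsx", "michael",
    "football",
]

# Assumed table of common substitutions, undone before comparison so that
# "P@ssw0rd" is treated the same as "password".
SUBSTITUTIONS = str.maketrans({
    "0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t",
    "@": "a", "$": "s", "!": "i",
})


def normalize(text):
    """Lowercase the text and undo common character substitutions."""
    return text.lower().translate(SUBSTITUTIONS)


BLOCKED = {normalize(p) for p in WORST_2011}


def check_password(password, personal=()):
    """Return the list of rules the password breaks (empty list = passes).

    `personal` holds strings tied to the user (name, pet, birth year).
    """
    problems = []
    norm = normalize(password)
    if norm in BLOCKED:
        problems.append("on the worst-passwords list")
    if any(p and normalize(p) in norm for p in personal):
        problems.append("contains personal information")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c.isupper() for c in password):
        problems.append("no capital letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c in string.punctuation for c in password):
        problems.append("no special character")
    return problems
```

A production check would compare against a far larger wordlist than these 25 entries; reuse of a password across systems cannot be detected by a check like this.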



If you have any system questions or concerns, contact the CCS Retail Systems Support Department at 800.672.4806 or email us

