Virtually every aspect of our personal and professional lives is password protected. Forgetting your password is like forgetting where you parked. You’re stuck. With so many passwords to remember, we try to make passwords easier to remember by taking shortcuts. Though some are clever, many are not. Either way, shortcuts can undermine the sole purpose of a password—security.

To hackers and identity thieves, accounts protected by weak passwords aren’t really password protected at all. Using a weak password may provide a sense of security, but it doesn’t provide any real security. It’s like hanging your spare key from the door knob. What’s the point of even having a lock?

If you think this is a bit extreme, judge for yourself. Look at SplashData’s Top 10 list of the most common passwords of 2015, which were identified by analyzing 2 million leaked passwords:


  • 123456
  • password
  • 12345678
  • qwerty
  • 12345
  • 123456789
  • football
  • 1234
  • 1234567
  • baseball

[Editor’s Note: We apologize to those who just had their passwords exposed. You know who you are. Since everyone has just seen your password, you should probably change it now.]

This list makes it easy to understand how passwords can be rendered virtually worthless by being weak. It’s absurd to think anyone is actually using these passwords. Unfortunately, it doesn’t look like people are changing their approach to passwords. The 2015 list is nearly identical to the 2014 list, though there were a few new additions, like welcome, login and starwars. Not exactly Fort Knox.

But wait, it gets even worse. People are actually using these passwords to protect information they would never want exposed. Not so much to the world, but to their spouse. That’s right, information about infidelity. After the Ashley Madison breach, millions of passwords were leaked. Here are the top 5 passwords people used to protect perhaps their most intimate secret:

  • 123456
  • 12345
  • password
  • 123456789

Passwords are the first line of defense against unauthorized access to our personal and professional lives. The thing that makes passwords more memorable can also make them weak. Passwords must be strong to be effective. According to Microsoft, a strong password:

  • Is at least eight characters long.
  • Doesn’t contain your user name, real name or company name.
  • Doesn’t contain a complete word.
  • Is significantly different from previous passwords.
  • Contains uppercase and lowercase characters, numbers and symbols.

Cyber threats and data security remain a primary concern for individuals and businesses alike. Even the most sophisticated security measures are vulnerable to attack. Steps can be taken to reduce the risk of being victimized by hackers and identity thieves. The first one can be using strong passwords.

Please contact us if you would like to discuss ways to protect against data breaches and cyber security liability.

Additional information is also available in our weekly Risk Management Newsletters.