Naked Security

People happily give away their (bad) passwords to TV reporter

Say hello to the people in the street who show us how social engineering works. Hint: say you're from Jimmy Kimmel, sound interested, and ask about their pet!

Happy New Year! Welcome to 2011!

Yes, it’s a time warp in password land, according to the yearly list of the 25 worst passwords collected by password management app company SplashData.

It’s a fresh list, but this bakery’s full of stale bread.

Welcome back, 123456 and password! You’ve been glued to the top two spots since the company first put out a list in 2011!

But wait, we have two newcomers to welcome to the top 25 worst passwords: 696969 and batman.

This is the part of password head-banger stories where we’d usually bemoan how easy it is to guess passwords like that (it’s so easy that a password cracking program would probably guess them faster than you can type them).

This year, late-night US talk show host Jimmy Kimmel has added an extra dimension to this repetitive yearly ritual by showing that even guessing at people’s passwords might not be necessary.

Plenty of people seem to be pleased as punch to just tell you their passwords – at least, they are if you’ve got a TV crew filming them.

Because TV.

Because reporter with microphone.

What could possibly go wrong?

It’s not as if anyone watches “Jimmy Kimmel Live” outside of its 2.83 million viewership!

If you don’t want to watch the video, here’s a sample from the clip:

Reporter: We're talking about cybersecurity today and how safe people's passwords are. What is one of your online passwords currently?
Woman stopped on Hollywood Boulevard: It is my dog's name and the year I graduated from high school.
Reporter: Oh, what kind of dog do you have?
Woman: I have a chihuahua papillon.
Reporter: And what's its name?
Woman: Jameson.
Reporter: Jameson. And where'd you go to school?
Woman: I went to school back in Greensburg, Pennsylvania.
Reporter: What school?
Woman: Hempfield Senior Area High School.
Reporter: Oh. And when did you graduate?
Woman: In 2009.

Last year around this time, Naked Security’s John Hawes wrote up the SplashData list of 2013 password groaners, taking a nuanced look at whether it even matters how bad our passwords are.

After all, there are trivial sites that we don’t care about, given that they don’t deal in credit card numbers or other sensitive data, right?

But as Naked Security’s Paul Ducklin responded in the comments, nope, there’s no “relevant” switch on the internet, and you really should worry that cyber thugs could grab control of your accounts – any and all of them – to imitate you.

That includes not just people hijacking our Twitter accounts; it also means people taking over accounts on supposedly “innocuous” sites to post bogus announcements or libellous meeting minutes, solicit volunteers through a fraudulent website or anything else.

We need strong, unique passwords everywhere, not just at a handful of sites that we take seriously.

The easiest way to manage all the passwords you need is with a password manager that will cook up nicely convoluted passwords, and then keep track of them, for you.

Not everyone is prepared to trust a password manager with the keys to their kingdom, but password managers do accomplish one very useful thing: they stop you churning out passwords like these, the 25 worst from SplashData’s 2014 list (compiled from more than 3.3 million passwords leaked during 2014, mostly from users in North America and Western Europe):

  1. 123456
  2. password
  3. 12345
  4. 12345678
  5. qwerty
  6. 123456789
  7. 1234
  8. baseball
  9. dragon
  10. football
  11. 1234567
  12. monkey
  13. letmein
  14. abc123
  15. 111111
  16. mustang
  17. access
  18. shadow
  19. master
  20. michael
  21. superman
  22. 696969
  23. 123123
  24. batman
  25. trustno1
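As an added example (not code from the original article, and not any product’s API), here is how a signup form could refuse the passwords on this list together with the lightly disguised variants a cracking rule set would try first, how it could catch the “pet name plus graduation year” pattern from the Kimmel clip once those facts are known, and how a generator produces the kind of convoluted password a password manager would make for you. The blocklist is the 25 entries above; the “facts” used in the demo are the ones volunteered on Hollywood Boulevard; the function names and the leet-substitution table are assumptions made for this example.

```python
import math
import re
import secrets
import string

# SplashData's 2014 "worst 25", exactly as listed in the article.
WORST_25 = {
    "123456", "password", "12345", "12345678", "qwerty", "123456789",
    "1234", "baseball", "dragon", "football", "1234567", "monkey",
    "letmein", "abc123", "111111", "mustang", "access", "shadow",
    "master", "michael", "superman", "696969", "123123", "batman",
    "trustno1",
}

# Substitutions people use to "disguise" a dictionary word. Cracker rule
# sets undo these in microseconds, so a blocklist check should too.
# (Assumed table for this example; extend it to taste.)
_UNLEET = str.maketrans({"@": "a", "$": "s", "0": "o", "1": "i",
                         "3": "e", "4": "a", "5": "s", "7": "t"})
_DIGITS = "0123456789"


def _alnum(s: str) -> str:
    """Keep only a-z and 0-9 (input is already lowercased)."""
    return re.sub(r"[^a-z0-9]", "", s)


def candidate_forms(password: str) -> set:
    """All the base words a simple cracking rule could reduce this password to."""
    base = password.strip().lower()
    plain = _alnum(base)
    unleet = _alnum(base.translate(_UNLEET))
    forms = {
        base,                      # as typed
        plain,                     # punctuation removed
        plain.rstrip(_DIGITS),     # "Batman2014" -> "batman"
        unleet,                    # "P@ssw0rd!"  -> "password"
        unleet.rstrip(_DIGITS),    # "M0nkey99"   -> "monkey"
    }
    return {f for f in forms if f}


def is_blocklisted(password: str, blocklist=WORST_25) -> bool:
    """True if the password, or a trivially disguised form of it, is on the list."""
    return not candidate_forms(password).isdisjoint(blocklist)


def composed_of_facts(password: str, facts) -> bool:
    """True if the password is just known facts glued together, e.g. pet + year.

    This is what the Kimmel clip demonstrates: once "Jameson" and "2009" are
    volunteered, "Jameson2009" is one of a handful of guesses, not one of
    trillions.
    """
    target = _alnum(password.lower())
    parts = {_alnum(f.lower()) for f in facts} - {""}

    def splits(s: str) -> bool:
        if not s:
            return True
        return any(s.startswith(p) and splits(s[len(p):]) for p in parts)

    return bool(target) and splits(target)


# 94 printable ASCII characters, the kind of alphabet a manager's generator uses.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length: int = 20) -> str:
    """Random password from the OS CSPRNG (never random.choice for secrets)."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Guessing-resistance of a uniformly random password, in bits."""
    return length * math.log2(alphabet_size)


def check(password: str, facts=()) -> str:
    """Return 'ok' or the reason a signup form should reject the password."""
    if is_blocklisted(password):
        return "rejected: on the common-password blocklist (or a disguised variant)"
    if facts and composed_of_facts(password, facts):
        return "rejected: built from facts about you that others can learn"
    return "ok"


if __name__ == "__main__":
    # Constructed demo input: the facts volunteered on Hollywood Boulevard.
    volunteered = ["Jameson", "2009", "Hempfield", "Greensburg"]
    for pw in ["123456", "P@ssw0rd!", "Batman2014", "Jameson2009", generate_password()]:
        print(f"{pw!r:28} -> {check(pw, volunteered)}")
    print(f"20 random chars from a {len(ALPHABET)}-symbol alphabet ~ "
          f"{entropy_bits(20):.0f} bits")
```

Note the order of checks: the blocklist catches “P@ssw0rd!” because the check undoes the substitutions before comparing, exactly as a cracker’s rule set would, and “Jameson2009” sails past the blocklist but fails the facts check, which is the whole point of the clip. The generated password, by contrast, carries roughly 131 bits of entropy; no amount of chatting about your chihuahua gets an attacker closer to it.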

Of course even if you use a password manager you’ll need to create and remember at least one really strong password to protect it. To find out how, watch our short, straight-talking video:


Image of facepalm courtesy of Shutterstock.


Many years ago (20+) the IT guys where I worked would run a password cracking program and publish any that they cracked.

It did leave us wondering about one colleague, who turned out to have the password “deviant”.

So if you are going to have a crackable password, there can be a double embarrassment.


The only thing I don’t like about these things is: If you walk up to me on the street and offer me a cupcake to give up my password, sure. My password is “oranges.” Give me my cupcake.

But is that my real password?

Granted, some of these look genuine (and they’re idiots) and it demonstrates how you can still weasel out a password in just a few questions and a microphone/camera.


If applications forced users to make passwords with the required complexity features, it would reduce these types of incidents.


I like how “michael” is one of the passwords. That must be one heck of a common name for guys. I always thought it was John Smith.
