SplashData looked at the passwords of 5 million accounts that were leaked by various breaches in 2018, and found that many users are still using very simple, easy-to-guess passwords.
The top 10 most common passwords, for example, were:
According to SplashData, 2018 is the fifth year in a row that “123456” and “password” were #1 and #2 respectively on their list of common passwords based on analysis of breaches in that year. SplashData offers sensible steps to better create and manage passwords,
1. Use passphrases of twelve characters or more with mixed types of characters.
2. Use a different password for each of your logins. That way, if a hacker gets access to one of your passwords, they will not be able to use it to access other sites.
3. Protect your assets and personal identity by using a password manager to organize passwords, generate secure random passwords, and automatically log into websites.
But, fundamentally, the systems that are in widespread use these days are far too difficult for end users to easily secure.