Another year, another study shouting about how we're all using lazy passwords like "123456" and "abc123." Protip: Don't use these passwords. They're easy to break and even easier to guess. But while it may seem as though the Internet never learns — an impression that's only bolstered by the past year's high-profile hackings and data breaches — there's a more important takeaway: It turns out we are getting better at not using lame passwords.
This year's list of weak passwords looks much like last year's, and like the one from the year before that. "Qwerty" and "password" still figure prominently, according to SplashData. Others include strings of sequential numbers of varying length. Look at those silly people! you say. They're asking to be hacked.
All that makes for good headlines, and you can never be too forceful about telling folks how to protect themselves on the Internet. (Here are some extra tips.) But it's not as though bad password hygiene will singlehandedly bring down the republic. The top 25 weakest passwords accounted for only 2.2 percent of leaked passwords in 2014, according to SplashData.
Of course, the next 25 weakest passwords were also probably pretty silly, so 2.2 percent is a bit of an arbitrary number. But now let's look at how far we've come: SplashData chief executive Morgan Slain told The Wall Street Journal that when they first started looking at these figures, as many as 6 percent of passwords came from the top-25 list.
In other words, we've effectively cut down on the share of weak passwords in recent years. That downward trend is consistent with what Chris Doggett of the IT security firm Kaspersky Lab said recently.
"It's humorous, in some respects," said Doggett of the persistence of weak passwords. "But I think, generally, user awareness has gotten better. People are smarter and, generally speaking, know to be suspicious about e-mails from people they don't know and clicking on links."
And that's a promising sign that as a society, yes, we're learning.