Online security of the believer

People often use online passwords like “Jesus” because they are easy to remember. Unfortunately, hackers know which words are most popular and use that information to commit identity theft.

By Bob Allen

All Christians confess that Jesus is Lord, but he’s a poor choice for a computer password, according to an annual listing of passwords on the Internet most prone to hacking.

“Jesus” for the first time made the list of SplashData’s “25 Worst Passwords of the Year” – the most common passwords stolen by hackers.

The list, which made its debut last year, suggests that despite several high-profile hacking incidents over the past year at major sites including Yahoo, LinkedIn and eHarmony, many people continue to put themselves at risk by using easily guessable passwords.

“Even though each year hacking tools get more sophisticated, thieves still tend to prefer easy targets,” said Morgan Slain, CEO of the 12-year-old company based in Los Gatos, Calif. “Just a little bit more effort in choosing better passwords will go a long way toward making you safer online.”

The top three passwords, "password," "123456” and "12345678," remain unchanged from last year's list. New entries to this year's list include "welcome," "jesus," "ninja," "mustang" and "password1."

SplashData, provider of the SplashID Safe line of password management applications, compiled the list from files containing millions of stolen passwords posted online by hackers.

To make passwords more secure, SplashData recommends using passwords of eight characters or more with mixed types of characters. One way to create longer, more secure passwords that are easy to remember is to use short words with spaces or other characters separating them. For example, “eat cake at 8!” or “car_park_city?”.

Avoid using the same username/password combination for multiple websites. Especially risky is using the same password for entertainment sites that you do for online e-mail, social networking and financial services. Use different passwords for each new website or service you sign up for.

For those who have a difficult time remembering multiple passwords, companies like SplashData sell password manager applications that organize and protect passwords and can automatically log in to websites.

The full worst-passwords list, in order, is: password, 123456, 12345678, abc123, qwerty, monkey, letmein, dragon, 111111, baseball, iloveyou, trustno1, 1234567, sunshine, master, 123123, welcome, shadow, ashley, football, jesus, michael, ninja, mustang and password1.

SplashData advised consumers or businesses using any of those passwords to change them immediately.

“It just takes a few extra moments to make a password better,” Slain said. “If you get started now and make it a resolution to keep it up, your life online will be safer and more secure in 2013.”