The annual list of the worst passwords just came out.  As usual, it should be more than enough to make those of us trying to provide security groan, moan, and slap our collective heads.  The good news is that the top 25 worst passwords only comprised about 2.2% of all exposed passwords in 2014, the lowest percentage in recent years, so maybe we are getting through (yeah right!).

While the list is fun to look at, and you can compare it to last year’s here, this should make you think long and hard about whether there is an alternative solution to passwords.  When your users can choose passwords like this, or just use the same ones across multiple services, is it really the best way to secure the services you provide?

The big problem with replacing passwords is ease of use.  Passwords are simple.  They don’t require any separate hardware.  They don’t require any special knowledge, and everything supports them.  Raising the bar needs to come as close to that as possible.  It needs to be simple to use, flexible, and ideally not add any complexity to the login process.  Every change you make is a point of resistance to user adoption and makes switching from passwords that much more difficult.

At Green Rocket Security, we specialize in an easy-to-deploy 2FA solution, one that has minimal changes to the user experience and a simple, self-supporting system for your users.  A simple change to the user experience, one which has been proven to work, provides a high level of security at a low cost and makes your days of reading this list with dread one of reading it for fun.