Vote 2020 graphic
Everything you need to know about and expect during
the most important election of our lifetimes

It's Time to Nervously Mock the 50 Worst Passwords of the Year

Illustration for article titled Its Time to Nervously Mock the 50 Worst Passwords of the Year
Photo: Alex Cranz (Gizmodo)

In spite of everything—the leaks, the breaches, the myriad privacy risks—a large majority of people are still using “password” and “123456” as their password. Folks, it’s long past time to stop taking security shortcuts.

Advertisement

Security services firm SplashData has released its ninth annual Worst Passwords of the Year list, which assesses more than 5 million leaked passwords to determine those most commonly shared by hackers. This year’s list has revealed that people are still using easily guessable and common passwords to guard their data, including those frequently cited in past reports as being particularly susceptible to attacks.

While “password” fell two spots on this year’s list compared to last year’s, it remains in the top five—along with “123456" and “123456789.” There are some newcomers to the list, such as “qwertyuiop” and various repeated number sequences like “7777777,” however the report notes that even passwords that appear complicated are rather created using keys situated next to each other on the keyboard. It adds that these types of passwords “may seem to be complex but will not fool hackers who know millions of people use them.”

Advertisement

Behold, the worst of the worst:

1 - 123456 (rank unchanged from 2018)

2 - 123456789 (up 1)

3 - qwerty (Up 6)

4 - password (Down 2)

5 - 1234567 (Up 2)

6 - 12345678 (Down 2)

7 - 12345 (Down 2)

8 - iloveyou (Up 2)

9 - 111111 (Down 3)

10 - 123123 (Up 7)

11 - abc123 (Up 4)

12 - qwerty123 (Up 13)

13 - 1q2w3e4r (New)

14 - admin (Down 2)

15 - qwertyuiop (New)

16 - 654321 (Up 3)

17 - 555555 (New)

18 - lovely (New)

19 - 7777777 (New)

20 - welcome (Down 7)

21 - 888888 (New)

22 - princess (Down 11)

23 - dragon (New)

24 - password1 (Unchanged)

25 - 123qwe (New)

And an additional 25 from SplashData-owned TeamsID:

26 - 666666

27 - 1qaz2wsx

28 - 333333

29 - michael

30 - sunshine

31 - liverpool

32 - 777777

33 - 1q2w3e4r5t

34 - donald

35 - freedom

36 - football

37 - charlie

38 - letmein

39 - !@#$%^&*

40 - secret

41 - aa123456

42 - 987654321

43 - zxcvbnm

44 - passw0rd

45 - bailey

46 - nothing

47 - shadow

48 - 121212

49 - biteme

50 - ginger

“Our hope by publishing this list each year is to convince people to take steps to protect themselves online, and we think these and other efforts are finally starting to pay off,” SplashData CEO Morgan Slain said in a statement. “We can tell that over the years people have begun moving toward more complex passwords, though they are still not going far enough as hackers can figure out simple alphanumeric patterns.”

Data breaches are, unfortunately, an inevitability. But using strong, unique passwords for each of your accounts can prevent a bad actor from using the leaked credentials of one login to access various other accounts. The easiest way to do this with a password manager, which will randomly generate unique passwords for all of your accounts and store them for you so that you aren’t tempted to recycle common, similar, or otherwise weak passwords for your accounts—be it for your bank or Netflix. Everyone should also enable two-factor authentication everywhere it’s available, preferably using an authentication app (which is baked into many password managers).

And for the love of god, please stop using “password” as your password—no matter the account.

Advertisement

Share This Story

Get our newsletter

DISCUSSION

Is your password listed above?

Are you concerned that you may have been hacked?

List your Social Security Number here to be checked for possible hacking!