Top 25 Most Popular (and Worst) Passwords

Every year, SplashData – a Los Gatos, CA security applications and services provider, compiles a list of stolen passwords that are made public and sorts them in order of popularity. Below are the top 25 passwords of shame – brace yourselves.

 

1. 123456 (Unchanged)
2. Password (Unchanged)
3. 12345678 (Up 1)
4. Qwerty (Up 1)
5. 12345 (Down 2)
6. 123456789 (Unchanged)
7. Football (Up 3)
8. 1234 (Down 1)
9. 1234567 (Up 2)
10. Baseball (Down 2)
11. Welcome (New)
12. 1234567980 (New)
13. Abc123 (Up 1)
14. 111111 (Up 1)
15. 1qaz2wsx (New)
16. Dragon (Down 7)
17. Master (up 2)
18. Monkey (Down 6)
19. Letmein (Down 6)
20. Login (New)
21. Princess (New)
22. Qwertyuiop (New)
23. Solo (New)
24. Passw0rd (New)
25. Starwars (New)

 

Okay, that was hard to read. The trends are there, from sports to sequential numbers to “typewriter-like” passwords (all letters on the same keyboard row). We have now seen a surge of Star War’s categories, probably due to the year’s blockbuster Star Wars: The Force Awakens. An interesting infograph by TeamsID also summarizes SplashData’s findings.

Complexity, Not Just Length, Matters

This list does show us the importance of applying complexity to long passwords. Although having a long password is crucial to security, the data must also be as random as possible. “We have seen an effort by many people to be more secure by adding characters to passwords, but if these longer passwords are based on simple patterns they will put you in just as much risk of having your identity stolen by hackers,” said Morgan Slain, CEO of SplashData.

Hackers Love Common Passwords

Many hackers simply try the most common passwords. If they get nothing they just move on to the next account and keep trying until they find the accounts with weak passwords. The longer and more complex it is, the harder it is to crack. A strong, secure password should be 12-15 characters long. They also need to be unpredictable. And since humans struggle to be random, a password manager like Dashlane or TeamsID can be very helpful. It beats trying to memorize a 12-letter, nonsense stream of data.

Password Strong

Our passwords do, in fact, safeguard our Everything. Why not beef up our security and break that endless password-reset cycle? At least we can hold our heads up high knowing our passwords are not on the top 25 stolen passwords list – I’m looking at you, crowd “123456.”