12.13.18 SSI – LOS GATOS, Calif.
SplashData estimates almost 10% of people have used at least one of the 25 worst passwords on this year’s list.
Despite passwords being the most common form of cybersecurity, most people still don’t take them seriously.
SplashData just released its eighth annual list of worst passwords of the year and as you will see, people still use terrible passwords.
The company evaluated more than five million passwords leaked on the Internet to determine which were most used during the past year.
For the fifth consecutive year, “123456” and “password” land in the number one and number two spots, respectively, President Trump debuted on this year’s list with “donald” showing up as the 23rd most frequently used password.
“Sorry, Mr. President, but this is not fake news — using your name or any common name as a password is a dangerous decision,” says Morgan Slain, CEO of SplashData. “Hackers have great success using celebrity names, terms from pop culture and sports, and simple keyboard patterns to break into accounts online because they know so many people are using those easy-to-remember combinations.”
Here are the worst passwords of 2018 compared to where they placed last year. It’s probably fair to say people find simple numerical strings to be the easiest to remember.
- 123456 (Rank unchanged from last year)
- password (Unchanged)
- 123456789 (Up 3)
- 12345678 (Down 1)
- 12345 (Unchanged)
- 111111 (New)
- 1234567 (Up 1)
- sunshine (New)
- qwerty (Down 5)
- iloveyou (Unchanged)
- princess (New)
- admin (Down 1)
- welcome (Down 1)
- 666666 (New)
- abc123 (Unchanged)
- football (Down 7)
- 123123 (Unchanged)
- monkey (Down 5)
- 654321 (New)
- !@#$%^&* (New)
- charlie (New)
- aa123456 (New)
- donald (New)
- password1 (New)
- qwerty123 (New)
SplashData estimates almost 10% of people have used at least one of the 25 worst passwords on this year’s list, and nearly 3% of people have used the worst password, 123456.
SplashData offers three simple tips to be safer from hackers online:
1. Use passphrases of twelve characters or more with mixed types of characters.
2. Use a different password for each of your logins. That way, if a hacker gets access to one of your passwords, they will not be able to use it to access other sites.
3. Protect your assets and personal identity by using a password manager to organize passwords, generate secure random passwords, and automatically log into websites.
Using weak, easily-guessable passwords can lead to catastrophic results such as identity fraud, loss of money and more. It’s time to take cybersecurity more seriously — think twice the next time you create a password.