Top 100 Worst Passwords Revealed

A new study has revealed the world’s 100 worst passwords, and it’s an eye-opening read. If you’ve ever given into

A new study has revealed the world’s 100 worst passwords, and it’s an eye-opening read. If you’ve ever given into laziness and logged in with such classics as ‘123456’ or ‘password’, then we’ve got some bad news. Firstly, you’re not that original, and secondly, you’re in real danger of getting hacked.

Software firm Splashdata studied over 5 million leaked passwords to find the most common ones used across the web. The results reveal just how little creativity some of us put into our passwords – the dangerously thin wall between hackers and a payload of personal data.

Read on to find out what the worst passwords are, how you can make yours more secure, and whether or not you should be using a password manager (spoiler – yes, you should).

What are the Worst Passwords?

The study’s top 100 worst password through up some surprises, although you can probably guess the very worst. And if you can guess it, so can a hacker.

The top ten worst passwords according to the data are:

Turns out that ‘donald’ is a terrible password

  • 123456
  • password
  • 123456789
  • 12345678
  • 12345
  • 111111
  • 1234567
  • sunshine
  • qwerty
  • iloveyou

Most of the top ten are the same as they were last year, with the classic ‘123456’ keeping its position at number one. However, there are some new entries in the list, including the seemingly random ‘sunshine’ (although not random enough that it couldn’t be easily guessed), and ‘111111’, which is a new low in laziness for password creation.

Elsewhere in the list, buried among number and alphabet strings, are some intriguing insights into what people are thinking about when creating passwords. Among them, ‘donald’ at number 23, and ‘monkey’, at 18. You view the full list here.

Has My Password Ever Been Hacked?

The data in the study from SplashData comes from previously hacked accounts, the result of millions of users having their details leaked.

Creating a strong password is key to help prevent your accounts being hacked, but it’s also important to keep any eye on any leaks that might affect you. Any sites you use will alert you when their data is breached, but it’s also worth using a site like haveibeenpwned.

The haveibeenpwned site collects information from leaked accounts and uses them to create a searchable database. Type in your email address (it’s perfectly safe, and won’t be stored), and the site will not only tell you if your data has been compromised, but also trace it back to the date and origin of the leak. It goes without saying that should you be unfortunate enough to have been affected, change your password immediately.

How Can I Create a Safe Password?

It goes without saying that all the passwords in the top 100 list break the rules of secure password creation. There’s barely a capital letter to be found, much less a symbol, and they’re all way too simple to pose any serious challenge to a hacker.

So how do you go about making a robust password? The key is to make it hard to guess, but easy to remember.

That might seem like a challenge, but you’d be surprised at how simple it is to create a password that works for you.

However, don’t assume that a password that appears impossible to crack will be watertight. For example,’Q!koP9$f’ might seem like a virtual Fort Knox to our human brains, but software could crack it in a matter of hours.

Much better is a password that you find relatable. Take the example ‘DogComputerScreenSpeakerTV’, which would take 327 septillion years to crack. That’s a long time for some to dedicate getting into your Facebook account.

You can find more tips on how to create the ultimate secure password in our dedicated guide to creating strong passwords.

Consider a Password Manager

Chances are that you’re juggling a lot of online accounts across social media, retailers, banking, work and so on. With each needing a unique password, that’s a lot to remember.

Luckily, Password Managers can step in and take away all the headaches of remembering stacks of log-in details, and can even help you create ultra-secure passwords too.

Password Managers cost a few bucks a month, and for anyone who is constantly having to reset their eBay password, are priceless. Using a Password Manager, you’ll automatically be logged into any sites you visit, whether you’re using your computer, tablet or phone, and you won’t have to remember anything.

Most also have tools that will assess your existing passwords, helping you to create new ones if they’re not strong enough. Not only that, but some also alert you when any sites you use have their security breached.

Read our guide to the Best Password Managers for 2019.

TechCo Logo thumbnaillastpass vs 1password
Overall Score 4stars 5stars
Full ReviewLastPass review1Password review
Ease of Set Up 5stars 5stars
Features 4stars 5stars
Performance 4stars 5stars
Help and Support 3stars   3stars
Value for Money 4stars 5stars
Free version?YesNo
Annual Subscription$24$36
Support Options?Email basedEmail based
Best DealGet LastPassGet 1Password
1Password is our Best-Rated Password Manager – Click to See Deals
Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at

Written by:
Jack is the Deputy Editor for He has over 15 years experience in publishing, having covered both consumer and business technology extensively, including both in print and online. Jack has also led on investigations on topical tech issues, from privacy to price gouging. He has a strong background in research-based content, working with organisations globally, and has also been a member of government advisory committees on tech matters.
Explore More See all news
Back to top
close Thinking about your online privacy? NordVPN is's top-rated VPN service See Deals