Top 100 Worst Passwords Revealed

December 19, 2018

7:46 am

A new study has revealed the world’s 100 worst passwords, and it’s an eye-opening read. If you’ve ever given into laziness and logged in with such classics as ‘123456’ or ‘password’, then we’ve got some bad news. Firstly, you’re not that original, and secondly, you’re in real danger of getting hacked.

Software firm Splashdata studied over 5 million leaked passwords to find the most common ones used across the web. The results reveal just how little creativity some of us put into our passwords – the dangerously thin wall between hackers and a payload of personal data.

Read on to find out what the worst passwords are, how you can make yours more secure, and whether or not you should be using a password manager (spoiler – yes, you should).

1Password is our Best-Rated Password Manager – Click to See Deals

What are the Worst Passwords?

The study’s top 100 worst password through up some surprises, although you can probably guess the very worst. And if you can guess it, so can a hacker.

The top ten worst passwords according to the data are:

Turns out that ‘donald’ is a terrible password

  • 123456
  • password
  • 123456789
  • 12345678
  • 12345
  • 111111
  • 1234567
  • sunshine
  • qwerty
  • iloveyou

Most of the top ten are the same as they were last year, with the classic ‘123456’ keeping its position at number one. However, there are some new entries in the list, including the seemingly random ‘sunshine’ (although not random enough that it couldn’t be easily guessed), and ‘111111’, which is a new low in laziness for password creation.

Elsewhere in the list, buried among number and alphabet strings, are some intriguing insights into what people are thinking about when creating passwords. Among them, ‘donald’ at number 23, and ‘monkey’, at 18. You view the full list here.

Has My Password Ever Been Hacked?

The data in the study from SplashData comes from previously hacked accounts, the result of millions of users having their details leaked.

Creating a strong password is key to help prevent your accounts being hacked, but it’s also important to keep any eye on any leaks that might affect you. Any sites you use will alert you when their data is breached, but it’s also worth using a site like haveibeenpwned.

The haveibeenpwned site collects information from leaked accounts and uses them to create a searchable database. Type in your email address (it’s perfectly safe, and won’t be stored), and the site will not only tell you if your data has been compromised, but also trace it back to the date and origin of the leak. It goes without saying that should you be unfortunate enough to have been affected, change your password immediately.

How Can I Create a Safe Password?

It goes without saying that all the passwords in the top 100 list break the rules of secure password creation. There’s barely a capital letter to be found, much less a symbol, and they’re all way too simple to pose any serious challenge to a hacker.

So how do you go about making a robust password? The key is to make it hard to guess, but easy to remember.

That might seem like a challenge, but you’d be surprised at how simple it is to create a password that works for you.

However, don’t assume that a password that appears impossible to crack will be watertight. For example,’Q!koP9$f’ might seem like a virtual Fort Knox to our human brains, but software could crack it in a matter of hours.

Much better is a password that you find relatable. Take the example ‘DogComputerScreenSpeakerTV’, which would take 327 septillion years to crack. That’s a long time for some to dedicate getting into your Facebook account.

You can find more tips on how to create the ultimate secure password in our dedicated guide to creating strong passwords.

Consider a Password Manager

Chances are that you’re juggling a lot of online accounts across social media, retailers, banking, work and so on. With each needing a unique password, that’s a lot to remember.

Luckily, Password Managers can step in and take away all the headaches of remembering stacks of log-in details, and can even help you create ultra-secure passwords too.

Password Managers cost a few bucks a month, and for anyone who is constantly having to reset their eBay password, are priceless. Using a Password Manager, you’ll automatically be logged into any sites you visit, whether you’re using your computer, tablet or phone, and you won’t have to remember anything.

Most also have tools that will assess your existing passwords, helping you to create new ones if they’re not strong enough. Not only that, but some also alert you when any sites you use have their security breached.

Read our guide to the Best Password Managers for 2019.

TechCo Logo thumbnail lastpass vs 1password tech.co
Overall Score 4 stars 5 stars
Full Review LastPass review 1Password review
Ease of Set Up 5 stars 5 stars
Features 4 stars 5 stars
Performance 4 stars 5 stars
Help and Support 3 stars  3 stars
Value for Money 4 stars 5 stars
Free version? Yes No
Annual Subscription $24 $36
Support Options? Email based Email based
Best Deal Get LastPass Get 1Password

Did you like this article?

Get more delivered to your inbox just like it!

Sorry about that. Try these articles instead!

Jack is a senior writer at Tech.co with over a decade's experience researching and writing about consumer technology, from security and privacy to product reviews and tech news.