Tech.co logo

Top 100 Worst Passwords Revealed

December 19, 2018

7:46 am

A new study has revealed the world’s 100 worst passwords, and it’s an eye-opening read. If you’ve ever given into laziness and logged in with such classics as ‘123456’ or ‘password’, then we’ve got some bad news. Firstly, you’re not that original, and secondly, you’re in real danger of getting hacked.

Software firm Splashdata studied over 5 million leaked passwords to find the most common ones used across the web. The results reveal just how little creativity some of us put into our passwords – the dangerously thin wall between hackers and a payload of personal data.

Read on to find out what the worst passwords are, how you can make yours more secure, and whether or not you should be using a password manager (spoiler – yes, you should).

What are the Worst Passwords?

The study’s top 100 worst password through up some surprises, although you can probably guess the very worst. And if you can guess it, so can a hacker.

The top ten worst passwords according to the data are:

Turns out that ‘donald' is a terrible password

  • 123456
  • password
  • 123456789
  • 12345678
  • 12345
  • 111111
  • 1234567
  • sunshine
  • qwerty
  • iloveyou

Most of the top ten are the same as they were last year, with the classic ‘123456’ keeping its position at number one. However, there are some new entries in the list, including the seemingly random ‘sunshine’ (although not random enough that it couldn’t be easily guessed), and ‘111111’, which is a new low in laziness for password creation.

Elsewhere in the list, buried among number and alphabet strings, are some intriguing insights into what people are thinking about when creating passwords. Among them, ‘donald’ at number 23, and ‘monkey’, at 18. You view the full list here.

Has My Password Ever Been Hacked?

The data in the study from SplashData comes from previously hacked accounts, the result of millions of users having their details leaked.

Creating a strong password is key to help prevent your accounts being hacked, but it’s also important to keep any eye on any leaks that might affect you. Any sites you use will alert you when their data is breached, but it’s also worth using a site like haveibeenpwned.

The haveibeenpwned site collects information from leaked accounts and uses them to create a searchable database. Type in your email address (it’s perfectly safe, and won’t be stored), and the site will not only tell you if your data has been compromised, but also trace it back to the date and origin of the leak. It goes without saying that should you be unfortunate enough to have been affected, change your password immediately.

How Can I Create a Safe Password?

It goes without saying that all the passwords in the top 100 list break the rules of secure password creation. There’s barely a capital letter to be found, much less a symbol, and they’re all way too simple to pose any serious challenge to a hacker.

So how do you go about making a robust password? The key is to make it hard to guess, but easy to remember.

That might seem like a challenge, but you’d be surprised at how simple it is to create a password that works for you.

However, don’t assume that a password that appears impossible to crack will be watertight. For example,’Q!koP9$f’ might seem like a virtual Fort Knox to our human brains, but software could crack it in a matter of hours.

Much better is a password that you find relatable. Take the example ‘DogComputerScreenSpeakerTV’, which would take 327 septillion years to crack. That’s a long time for some to dedicate getting into your Facebook account.

You can find more tips on how to create the ultimate secure password in our dedicated guide to creating strong passwords.

Consider a Password Manager

Chances are that you’re juggling a lot of online accounts across social media, retailers, banking, work and so on. With each needing a unique password, that’s a lot to remember.

Luckily, Password Managers can step in and take away all the headaches of remembering stacks of log-in details, and can even help you create ultra-secure passwords too.

Password Managers cost a few bucks a month, and for anyone who is constantly having to reset their eBay password, are priceless. Using a Password Manager, you’ll automatically be logged into any sites you visit, whether you’re using your computer, tablet or phone, and you won’t have to remember anything.

Most also have tools that will assess your existing passwords, helping you to create new ones if they’re not strong enough. Not only that, but some also alert you when any sites you use have their security breached.

Read our guide to the Best Password Managers for 2019.

TechCo Logo thumbnaillastpass vs 1password tech.co
Overall Score4 stars5 stars
Full ReviewLastPass review1Password review
Ease of Set Up5 stars5 stars
Features4 stars5 stars
Performance4 stars5 stars
Help and Support3 stars 3 stars
Value for Money4 stars5 stars
Free version?YesNo
Annual Subscription$24$36
Support Options?Email basedEmail based
Best DealGet LastPassGet 1Password

1Password is our Best-Rated Password Manager – Click to See Deals

Did you like this article?

Get more delivered to your inbox just like it!

Sorry about that. Try these articles instead!

Jack is the Content Manager for Tech.co. He has been writing about a broad variety of technology subjects for over a decade, both in print and online, including laptops and tablets, gaming, and tech scams. As well as years of experience reviewing the latest tech devices, Jack has also conducted investigative research into a number of tech-related issues, including privacy and fraud.