While a secure password can help protect everything from emails and personal photos to banking details, some people still aren’t getting the message, with millions opting for the same, simple options that are a gift to hackers.
SplashData has released its annual list of the 25 worst passwords and, despite high-profile cases such as the Ashley Madison and T-Mobile hacks, perennial favourites “123456” and “password” are still top of the list.
Using public dumps of hacked data from 2015, the security analysts found more than two million passwords and studied these to come up with the 25 most popular and, therefore, most easily cracked.
While various versions of the numbers sequence and the old “run-the-finger-along-the-keyboard” technique were also prevalent in the list, sport and pop culture also got a look-in.
“football” moved up three places to seventh on the list while “baseball” held on in the top 10 as well. The return of one of cinema’s biggest franchises prompted “starwars” to enter the top 25 and is probably also responsible for the appearance of “solo” and perhaps “princess” in the list as well.
Releasing the list, SplashData said: “Since the most popular passwords are so common, these popular passwords would be among the very first tried by any hacker or malicious ‘cracking’ program. When you choose a password, you want something unique, complex, and unusual, and you want to make sure you use different passwords for different sites.
“Since exposure is constantly increasing - more sites being hacked, more passwords at risk - it’s almost inevitable that some of your logins somewhere will be exposed. You just want to make sure that exposure doesn’t have a cascading effect on your other logins, especially at more valuable sites and services (e.g. email and financial services).”
Here’s the list in full. If you recognise yours on it, it’s time to rethink your logins...
1. 123456 (Unchanged)
2. password (Unchanged)
3. 12345678 (Up 1)
4. qwerty (Up 1)
5. 12345 (Down 2)
6. 123456789 (Unchanged)
7. football (Up 3)
8. 1234 (Down 1)
9. 1234567 (Up 2)
10. baseball (Down 2)
11. welcome (New)
12. 1234567890 (New)
13. abc123 (Up 1)
14. 111111 (Up 1)
15. 1qaz2wsx (New)
16. dragon (Down 7)
17. master (Up 2)
18. monkey (Down 6)
19. letmein (Down 6)
20. login (New)
21. princess (New)
22. qwertyuiop (New)
23. solo (New)
24. passw0rd (New)
25. starwars (New)
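
For anyone running a sign-up or password-change form, the list above can be used as a blocklist. The following is an added example, not code from SplashData or this article: it rejects the 25 listed passwords, simple variations of them, and the number-sequence and keyboard-run patterns mentioned earlier. The look-alike character table, the suffix stripping and the keyboard rows are assumptions chosen for illustration.

```python
# Added example: screen a new password against the 25 passwords listed above.
WORST_25 = {
    "123456", "password", "12345678", "qwerty", "12345", "123456789",
    "football", "1234", "1234567", "baseball", "welcome", "1234567890",
    "abc123", "111111", "1qaz2wsx", "dragon", "master", "monkey",
    "letmein", "login", "princess", "qwertyuiop", "solo", "passw0rd",
    "starwars",
}
# Assumed look-alike substitutions (not from the article), e.g. "0" for "o".
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})
# The list with the same substitutions undone, so both sides compare equally.
DELEET = {w.translate(LEET) for w in WORST_25}
# Assumed keyboard rows/columns for the "finger along the keyboard" check.
WALKS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm",
         "1qaz2wsx3edc4rfv5tgb6yhn7ujm"]


def is_walk(pw, min_len=4):
    """True for one repeated character or a run along a keyboard row."""
    if len(pw) < min_len:
        return False
    if len(set(pw)) == 1:
        return True
    return any(pw in w or pw in w[::-1] for w in WALKS)


def reject_reason(candidate):
    """Return why the password is refused, or None if this check passes.

    Minimum length is a separate policy and is not enforced here.
    """
    pw = candidate.strip().casefold()
    if pw in WORST_25:
        return "listed"
    # Also test the password with trailing digits/punctuation removed,
    # so "monkey2015" and "P@ssword1" are caught.
    stem = pw.rstrip("0123456789!?.#*")
    for form in (pw, stem):
        if form and (form in WORST_25 or form.translate(LEET) in DELEET):
            return "variant"
    if is_walk(pw):
        return "keyboard-walk"
    return None
```

A password that returns `None` has only passed this one screen; it says nothing about whether the password has been reused on other sites.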