The folks at SplashData have evaluated over five million passwords to come up with their list of the absolute worst passwords of the year. They go through a database of compromised passwords to find out which ones were most commonly used.
“123456” and “password” retain the top spots for the fifth year in a row. These are often times combined with variations of the user’s names. It’s always a bad idea to work your name into a password. New on the list this year are “charlie,” “donald,” princess,” and “!@#$%^&*.” Current thinking on passwords is that the longer the password the better. So, a nice long sentence like, “hereishowIdotheworktostaysecure” will do a better job of protecting you because most automated programs won’t go for passwords that long. Remember, the most important thing you can do is activate some factor of two-factor authentication.
The top 25 are listed below with the change from the previous year’s ranking in red.
1. 123456 Unchanged
2. password Unchanged
3. 123456789 Up 3
4. 12345678 Down 1
5. 12345 Unchanged
6. 111111 New
7. 1234567 Up 1
8. sunshine New
9 qwerty Down 5
10. iloveyou Unchanged
11. princess New
12. admin Down 1
13. welcome Down 1
14. 666666 New
15. abc123 Unchanged
16. football Down 7
17. 123123 Unchanged
18. monkey Down 5
19. 654321 New
20′ !@#$%^&* New
21. charlie New
22. aa123456 New
23. donald New
24. password1 New
25. qwerty123 New