Don’t Try This at Home: The 25 Worst Passwords of 2018

After evaluating over 5 million passwords, SplashData estimates almost 10% of people have used at least one of the 25 worst passwords on this year’s list.
Published: December 22, 2018

SplashData has released its eighth annual list of the worst passwords used in 2018, proving just how careless some people are when it comes to cybersecurity.

Using generic, predictable words, phrases or numbers can put anyone at risk of being hacked, getting a virus or having personal information stolen.

The company evaluated over 5 million leaked passwords and came up with 100 password catastrophes.

For the fifth consecutive year, “123456” and “password” land in the number one and number two spots. President Trump was a new addition to this year’s list as well, with “donald” showing up as the 23rd most frequently used password.

——Article Continues Below——

Get the latest industry news and research delivered directly to your inbox.

“Sorry, Mr. President, but this is not fake news — using your name or any common name as a password is a dangerous decision,” said Morgan Slain, CEO of SplashData. “Hackers have great success using celebrity names, terms from pop culture and sports, and simple keyboard patterns to break into accounts online because they know so many people are using those easy-to-remember combinations.”

Top 25 Worst Passwords of 2018

Here are the worst passwords of 2018 compared to where they placed last year. It’s probably fair to say people find simple numerical strings to be the easiest to remember.

  1. 123456 (Rank unchanged from last year)
  2. password (Unchanged)
  3. 123456789 (Up 3)
  4. 12345678 (Down 1)
  5. 12345 (Unchanged)
  6. 111111 (New)
  7. 1234567 (Up 1)
  8. sunshine (New)
  9. qwerty (Down 5)
  10. iloveyou (Unchanged)
  11. princess (New)
  12. admin (Down 1)
  13. welcome (Down 1)
  14. 666666 (New)
  15. abc123 (Unchanged)
  16. football (Down 7)
  17. 123123 (Unchanged)
  18. monkey (Down 5)
  19. 654321 (New)
  20. !@#$%^&* (New)
  21. charlie (New)
  22. aa123456 (New)
  23. donald (New)
  24. password1 (New)
  25. qwerty123 (New)

You can view the full list here. Last year’s list can be found here.

SplashData estimates almost 10% of people have used at least one of the 25 worst passwords on this year’s list, and nearly 3% of people have used 123456.

According to SplashData, the over five million leaked passwords evaluated for the 2018 list were mostly held by users in North America and Western Europe.

SplashData offers three simple tips to be safer from hackers online:

1. Use passphrases of twelve characters or more with mixed types of characters.
2. Use a different password for each of your logins. That way, if a hacker gets access to one of them, they will not be able to use it to access other sites.
3. Protect your assets and personal identity by using a password manager to organize, generate secure random passwords, and automatically log into websites.

It’s time to take cybersecurity more seriously — think twice the next time you create a password.


This article originally ran in Campus Safety’s sister publication, Security Sales & Integration.

Posted in: News

ADVERTISEMENT
Strategy & Planning Series
Strategy & Planning Series
Strategy & Planning Series
Strategy & Planning Series
Strategy & Planning Series