Don’t Try This at Home: The 25 Worst Passwords of 2018

After evaluating over 5 million passwords, SplashData estimates almost 10% of people have used at least one of the 25 worst passwords on this year’s list.

SplashData has released its eighth annual list of the worst passwords used in 2018, proving just how careless some people are when it comes to cybersecurity.

Using generic, predictable words, phrases or numbers can put anyone at risk of being hacked, getting a virus or having personal information stolen.

The company evaluated over 5 million leaked passwords and came up with 100 password catastrophes.

For the fifth consecutive year, “123456” and “password” land in the number one and number two spots. President Trump was a new addition to this year’s list as well, with “donald” showing up as the 23rd most frequently used password.

“Sorry, Mr. President, but this is not fake news — using your name or any common name as a password is a dangerous decision,” said Morgan Slain, CEO of SplashData. “Hackers have great success using celebrity names, terms from pop culture and sports, and simple keyboard patterns to break into accounts online because they know so many people are using those easy-to-remember combinations.”

Top 25 Worst Passwords of 2018

Here are the worst passwords of 2018 compared to where they placed last year. It’s probably fair to say people find simple numerical strings to be the easiest to remember.

  1. 123456 (Rank unchanged from last year)
  2. password (Unchanged)
  3. 123456789 (Up 3)
  4. 12345678 (Down 1)
  5. 12345 (Unchanged)
  6. 111111 (New)
  7. 1234567 (Up 1)
  8. sunshine (New)
  9. qwerty (Down 5)
  10. iloveyou (Unchanged)
  11. princess (New)
  12. admin (Down 1)
  13. welcome (Down 1)
  14. 666666 (New)
  15. abc123 (Unchanged)
  16. football (Down 7)
  17. 123123 (Unchanged)
  18. monkey (Down 5)
  19. 654321 (New)
  20. !@#$%^&* (New)
  21. charlie (New)
  22. aa123456 (New)
  23. donald (New)
  24. password1 (New)
  25. qwerty123 (New)

You can view the full list here. Last year’s list can be found here.

SplashData estimates almost 10% of people have used at least one of the 25 worst passwords on this year’s list, and nearly 3% of people have used 123456.

According to SplashData, the over five million leaked passwords evaluated for the 2018 list were mostly held by users in North America and Western Europe.

SplashData offers three simple tips to be safer from hackers online:

1. Use passphrases of twelve characters or more with mixed types of characters.
2. Use a different password for each of your logins. That way, if a hacker gets access to one of them, they will not be able to use it to access other sites.
3. Protect your assets and personal identity by using a password manager to organize, generate secure random passwords, and automatically log into websites.

It’s time to take cybersecurity more seriously — think twice the next time you create a password.


This article originally ran in Campus Safety’s sister publication, Security Sales & Integration.

If you appreciated this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!

Leading in Turbulent Times: Effective Campus Public Safety Leadership for the 21st Century

This new webcast will discuss how campus public safety leaders can effectively incorporate Clery Act, Title IX, customer service, “helicopter” parents, emergency notification, town-gown relationships, brand management, Greek Life, student recruitment, faculty, and more into their roles and develop the necessary skills to successfully lead their departments. Register today to attend this free webcast!

Leave a Reply

Your email address will not be published. Required fields are marked *

Get Our Newsletters
Campus Safety Conference promo