In The News

The worst, most used passwords for 2019 have been revealed…

SplashData have released their annual list of the year’s worst passwords. And by worst, we mean the most popular, lazy passwords that people employ to “protect” their online accounts.

Ok, as usual, a quick recap on how SplashData know your passwords and hence how they can compile a list of the 100 worst (again, most popular) passwords.

Online accounts are always getting compromised in various sized data breaches. Often millions at a time. Just ask users of Yahoo, MySpace, Disqus. Or this year, Adobe, CafePress and Capital One. Those that are responsible for these data breaches often leak the stolen data online, including passwords.

All of this leaked data can be accumulated for a mass treasure chest of passwords. Yes for cyber crooks, but also for security analysts like SplashData to analyse and anonymously aggregate the mass volume of data to create lists like their annual worst password list.

Before we get to the list, we reiterate the same advice we do each time this depressingly terrible list becomes available. Don’t use bad passwords. If your password is on this list, change it now. Because it’s terrible and it will not protect your account against anyone with even a modicum of technical know-how.


Sponsored Content. Continued below...




Automated password guessing software will take mere milliseconds to guess these passwords. They will be at the very top of the guessing list. Also, if available, use two-factor-authentication so crooks need more than just your password to gain access to your account. More on that here.

Also, on the flip side, the companies that allow you to create online accounts need to stop their users from using bad passwords. Test potential passwords to see if they appear on this list, or force users to use a combination of letters, numbers and symbols. So many companies still do not force this.

Now that’s out of the way, the list itself. And yes, ‘123456’ still tops the list like it has since 2013. Fewer users now employ the previous world champion ‘password’, which reigned supreme up until 2013 and remained in second place up until this year, when it has been knocked down to fourth place.

Second place this year is ‘123456789’ which was third last year and sixth the year before. And in third place is ‘qwerty’, which was 9th last year and 4th the year before.

#25 123qwe
#24 password1
#23 dragon
#22 princess
#21 888888
#19 7777777
#18 lovely
#17 555555
#16 654321
#15 qwertyuiop
#14 admin
#13 1q2w3e4r
#12 qwerty123
#11 abc123
#10 123123
#9 111111
#8 iloveyou
#7 12345
#6 12345678
#5 1234567
#4 password
#3 qwerty
#2 123456789
#1 123456

In summary, we’re still terrible at picking passwords. As usual, there is only a minor juggling of passwords. Maybe next year will be better. But then again, probably not.

See the full 1-49 here.
And 50-100 here.

Share
Published by
Craig Haley