Worst Password List for 2018 has been revealed…

As with every year, security firm SplashData has revealed its list of the most commonly used passwords, which, as always, is essentially synonymous with a list of the worst passwords you could possibly use.

First things first; how does SplashData know the passwords you use?

Because, just like every year, they analyse the recent big data security breaches in which large swathes of usernames and passwords are dumped onto the Internet by cyber-crooks who have compromised the security of any number of big companies of which you may have been a member. This year, SplashData claim to have built their list from 5 million leaked passwords. So is it possible you were on that list? You can check on the website Have I Been Pwned?, which may give you a good idea.


And what does the list of most commonly used passwords reveal?

Basically, that we’re still terrible at choosing passwords. While the full list is further below, we can reveal that the old chestnut “123456” has retained its top spot for a sixth year in a row, and “password” comes in at a close second, also for the fifth year in a row. Before that, the two were the other way around, meaning both have been in the top two for many years now.

As for the rest, it’s only a minor juggling of positions, with the top ten remaining largely the same. As usual, we have some “current affairs” entries; for example, number 23 is “Donald” and number 39 is “Harley”.

Of course, it’s also a poor reflection on the websites that continue to allow us to use these classics time and time again. While many of the top websites now force us to create stronger passwords (okay, maybe not as strong as our very own tee below may suggest), there are still swathes of smaller websites that have an “anything will do” approach to passwords. And there are clearly still enough of us willing to put our cyber security at serious risk for mere convenience.

The problem, of course, is that easily guessable passwords – such as the passwords that appear on this annual list – will take brute force cracking software milliseconds to bypass. The reality is that if you were building software to try to crack a password – software that could potentially guess millions and millions of times – the very first guesses you would load into that software would be a carbon copy of the list below.


So it really is just not worth it, and while two-factor authentication can help with websites that support it, you’re still putting your security at a very unnecessary risk.

As for the list itself, here’s the top 25 in all its unoriginal, uninspiring goodness.

#25 qwerty123
#24 password1
#23 donald
#22 aa123456
#21 charlie
#20 !@#$%^&*
#19 654321
#18 monkey
#17 123123
#16 football
#15 abc123
#14 666666
#13 welcome
#12 admin
#11 princess
#10 iloveyou
#9 qwerty
#8 sunshine
#7 1234567
#6 111111
#5 12345
#4 12345678
#3 123456789
#2 password
#1 123456

So remember, people: passwords should not be simple words or number patterns. They should contain lowercase letters, uppercase letters and digits, they should not appear in the dictionary, and they should not relate to personal information about you.
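
A website can enforce both the character advice above and a blocklist built from the article's top 25 when an account is created. The sketch below is an added example, not code from the article or from SplashData; the function names and the 8-character minimum are assumptions. It shows that “Qwerty123” and “Password1” satisfy the character rule yet are still rejected, because their case-folded forms are on the list.

```python
# Added example: sign-up password check (not from the original article).
import unicodedata

# The top-25 list exactly as printed in the article above.
WORST_25 = frozenset("""
123456 password 123456789 12345678 12345 111111 1234567 sunshine qwerty
iloveyou princess admin welcome 666666 abc123 football 123123 monkey
654321 !@#$%^&* charlie aa123456 donald password1 qwerty123
""".split())

MIN_LENGTH = 8  # assumption: the article gives no minimum length


def normalise(password: str) -> str:
    """Fold case and Unicode look-alikes so 'Qwerty123' matches 'qwerty123'."""
    return unicodedata.normalize("NFKC", password).casefold().strip()


def check_password(password: str) -> list[str]:
    """Return the reasons a password is rejected; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    # Character rule from the article: lowercase, uppercase and digits.
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    # The blocklist check runs on the normalised form, so changing the
    # case of a listed password does not get it through.
    if normalise(password) in WORST_25:
        problems.append("on the most-common list")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs, for illustration only.
    for candidate in ("123456", "Qwerty123", "Password1", "Tr4vel-Kettle-Moss"):
        print(f"{candidate!r}: {check_password(candidate) or 'accepted'}")
```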

Published by
Craig Haley