Don't Use Any of These Truly Awful Passwords

One would think that, after years of exhortations, most people would know better than to use "password" or "12345" to protect their most sensitive data. Evidence suggests, however, that bad passwords are as popular now as they ever were, and the top 25 are trivially easy to guess.

An annual study has exposed 2015's worst passwords, and if you're using any of them for your accounts, now is as good a time as any to change it to something a little harder to guess.

Credit: Shutterstock/Evan Lorne

(Image credit: Shutterstock/Evan Lorne)

Every January, SplashData, a Los Gatos, California-based password-management company, produces a study of the previous year's worst passwords. The company does not share its methodology unless you sift through a (free) eBook that it sends via e-mail, but the basics are easy enough to understand. The company shares 25 passwords that are so common and easily guessable as to be nearly worthless in practice.

MORE: 10 Best Mobile Password Managers46

If you read our previous reports, you won't be shocked that "123456" is still the most common dumb password, with "password" still occupying the No. 2 spot. The rest of the top 10 were similarly eye-rolling: "12345678," "qwerty," "12345," ""123456789," "football," "1234," "1234567" and "baseball," in that order. Suffice to say, don't use a linear string of numbers to protect your most sensitive data.

Other offenders from further down the list were equally uninspired, from "welcome" at 11, to "abc123" at 13, to "letmein" at 19 (a perennial favorite since the early days of the Interwebs). Of more interest were some of the new entries, including "welcome," "login" and "1qaz2wsx." (The last one may seem clever until you realize that it's just the first two rows of keys tapped vertically.)

SplashData also drew attention to three relatively new entries: "princess," "solo" and "starwars." These passwords, seemingly inspired by a galaxy far, far away, may or may not persist on the list, since the popularity of Star Wars tends to wax and wane with film releases. Even so, it's probably safer to avoid simple Star Wars passwords for the moment. (Nowhere did "captainkirk1701" show up on the list, once again proving that the Star Trek franchise is superior.)

In case you've been silly enough to use one of the passwords on the list, SplashData does have a few commonsense recommendations: a password should be at least 12 characters long, and use a mix of numbers and upper- and lower-case letters. Don't use the same password for multiple sites, and if you have a ton of passwords, use a password manager to keep them straight.

SplashData recommends its own password-management program, SplashID, but there are plenty of other good ones on the market.

TOPICS
Marshall Honorof

Marshall Honorof is a senior editor for Tom's Guide, overseeing the site's coverage of gaming hardware and software. He comes from a science writing background, having studied paleomammalogy, biological anthropology, and the history of science and technology. After hours, you can find him practicing taekwondo or doing deep dives on classic sci-fi. 

Latest in Online Security
An image of a CAPTCHA
Hackers are using reCAPTCHA to trick users into infecting their own PCs with malware — how to stay safe
A smartphone screen displaying the Android name and logo next to a sign reading 'MALWARE'.
Fake Google Play Store pages are spreading Trojan malware that can steal your financial data
Best antivirus software
How does antivirus software work
and image of the Google Chrome logo on a laptop
Google Chrome at risk from shape-shifting browser extensions — how to stay safe
Green skull on smartphone screen.
Over 1 million Android devices infected with password-stealing, pre-installed botnet malware — how to stay safe
Android 12
Google March Android Security Update fixes two high severity vulnerabilities — update now
Latest in News
Synseer healthbuds
This new pair of earbuds wants to track your health like a smartwatch — but there's a hefty price tag
iOS 19 logo on an iPhone
iOS 19 — all the rumors so far
NYTimes Connections
NYT Connections today hints and answers — Tuesday, March 11 (#639)
An image of a CAPTCHA
Hackers are using reCAPTCHA to trick users into infecting their own PCs with malware — how to stay safe
Google Calendar app on iPhone
Google Calendar is about to get a Gemini AI upgrade, and it makes more sense than you'd think
Gmail logo on iPhone
Gmail just got a huge AI upgrade that will save you a ton of time
  • InFinnity
    Another security problem is that people use the same password to all of their accounts instead of spreading it around a bit.
    Reply