Australia Markets closed

Here are the worst passwords from 2018

Image: Getty

Internet users continue to use unsafe and easy-to-guess passwords despite constant warnings to protect themselves against hackers.

The cringeworthy “123456” and “password” are again the two most popular passwords in 2018, according to a study of 5 million leaked passwords by security software company SplashData.

This is the fifth consecutive year that those two passwords have topped the list. More depressingly, the next five passwords are all simple number strings like “12345” and “111111”.

SplashData chief executive Morgan Slain said that he hoped revealing how popular awful passwords were would prompt people to better protect themselves.

“It’s a real head-scratcher that with all the risks known, and with so many highly publicised hacks such as Marriott and the National Republican Congressional Committee, that people continue putting themselves at such risk year-after-year.”

The perennial favourites were joined in the top 100 list this year by some topical passwords — “donald”, presumably a tribute to the current US president, came in as the 23rd most popular.

Slain said that using topical words was just as risky as using one of the oldies.

“Hackers have great success using celebrity names, terms from pop culture and sports, and simple keyboard patterns to break into accounts online because they know so many people are using those easy-to-remember combinations,” he said.

SplashData estimated that almost 10 per cent of internet users have used one of the 25 worst passwords form 2018, and almost 3 per cent would have used the worst one, “123456”.

Top 25 worst passwords of 2018

1 123456
2 password
3 123456789
4 12345678
5 12345
6 111111
7 1234567
8 sunshine
9 qwerty
10 iloveyou

11 princess
12 admin
13 welcome
14 666666
15 abc123
16 football
17 123123
18 monkey
19 654321
20 !@#$%^&*

21 charlie
22 aa123456
23 donald
24 password1
25 qwerty123

The five million leaked passwords analysed came mainly from North American and European users, while passwords from adult websites were not included in compiling the rankings.

How to create a good password

SplashData recommended that all internet citizens follow three rules to avoid using passwords that are easily hacked:

  1. Use phrases 12 or more characters with mixed types (numbers, upper case, lower case, punctuation)
  2. Use different passwords for different logins. This means if a hacker finds out one of your passwords, they cannot wreak havoc on other accounts.
  3. Use password manager software to help remember all the different passwords and create secure ones that even you can’t guess.


Make your money work with Yahoo Finance’s daily newsletter. Sign up here and stay on top of the latest money, news and tech news.

Read next: Here are the 30 biggest risks to the market in 2019

Read next: These are the five questions Bill Gates asked himself at the end of 2018

Read next: Here’s how your property values changed last year