Australia markets open in 1 hour 23 minutes

    -39.80 (-0.50%)

    +0.0018 (+0.27%)
  • ASX 200

    -37.40 (-0.49%)
  • OIL

    -0.06 (-0.08%)
  • GOLD

    -1.50 (-0.06%)
  • Bitcoin AUD

    +965.35 (+0.95%)
  • CMC Crypto 200

    -27.19 (-1.87%)

The worst passwords of 2019

A list of bad passwords on the left and a login screen on the right.
The same old favourites keep reappearing. (Images: Getty)

Despite almost daily warnings, internet users are inexplicably continuing to use very easy-to-guess passwords.

Tech researchers, as security company NordPass reported, have compiled a list of the 200 most popular passwords leaked in data breaches in 2019.

The embarrassing "12345" and its variations, "test1" and "password" all feature in the top five most popular passwords.

"The most popular passwords contain all the obvious and easy to guess number combinations (12345,111111,123321), popular female names (Nicole, Jessica, Hannah), and just strings of letters forming a horizontal or vertical line on a QWERTY keyboard (asdfghjkl, qazwsx, 1qaz2wsx, etc.)," said NordPass blogger Ruth Rawlings.


"Surprisingly, the most obvious one — “password” — remains very popular; 830,846 people still use it."

A table of top 50 most popular passwords of 2019. (Source: NordVPN)
Top 50 most popular passwords of 2019. (Source: NordVPN)

To the frustration of security professionals, people continue to use the same guessable passwords. The primary reason is that they're easy to remember than longer complex phrases.

"Unfortunately, it also means they use the same one for all their accounts. And if one of them ends up in a breach, all other accounts are automatically compromised too," Rawlings said.

The second reason is that internet users think they have nothing to hide.

"You might not have anything to hide, but what if you end up locked out of all your accounts – email, the file storage where you keep all your photos, social media, etc?" said Rawlings.

"Imagine having to pay thousands of dollars in ransom to regain access. A weak password is a disaster waiting to happen, so take action to stop it before it’s too late."

How to secure your passwords

The first port of call is to visit "Have I been pwned?" to check whether any of your accounts have been breached. Passwords should be immediately changed for breached accounts.

NordPass recommends deleting accounts on websites you no longer use. And updating the remaining ones to unique and complicated passwords.

Turning on two-factor authentication on websites that offer it can provide extra protection against hackers. This means the site will send a text message to your phone with a unique passcode when anyone tries to login.

Like the author of "Have I been pwned?", Troy Hunt, NordPass recommends the use of a password manager tool to record all your authentication phrases. That'll encourage you to create unique passwords for each of your accounts.

"Make sure to check your every account for suspicious activities regularly. If you notice something unusual, change your password immediately," Rawlings said.

"Data is getting more and more valuable... So, all the Michelles from Liverpool who like sunshine and dragons, please change your passwords right now."

Make your money work with Yahoo Finance’s daily newsletter. Sign up here and stay on top of the latest money, news and tech news.