1. Home
  2. News
  3. Cybersecurity News

The worst passwords of 2018

Using a weak password can render consumer data more susceptible to hacking

Photo (c) designer491 - Getty Images
After evaluating more than 5 million leaked passwords from recent breaches, software company SplashData was able to compile its annual list of the Top 100 worst passwords.

For the fifth year in a row, the top spot on the company’s Worst Passwords list went to “123456,” and “password” nabbed second place.

Many other commonly used bad passwords landed on the list once again, but there were also several new offenders. Among them, "666666" (coming in 14th place), "princess" (11th place) and "donald" (23rd place).

"Sorry, Mr. President, but this is not fake news -- using your name or any common name as a password is a dangerous decision," SplashData CEO Morgan Slain said in a release. "Hackers have great success using celebrity names, terms from pop culture and sports, and simple keyboard patterns to break into accounts online, because they know so many people are using those easy-to-remember combinations."

Worst passwords

SplashData estimates that about 10 percent of people have used at least one of the simple, easy-to-guess password on its Top 25 worst passwords list, and about 3 percent have used "123456."

"It's a real head-scratcher that with all the risks known, and with so many highly publicized hacks, such as Marriott and the National Republican Congressional Committee, that people continue putting themselves at such risk year after year," Slain said.

Here is the complete list of the Top 25 worst passwords of 2018, according to SplashData:

1) 123456

2) password

3) 123456789

4) 12345678

5) 12345

6) 111111

7) 1234567

8) sunshine

9) qwerty

10) iloveyou

11) princess

12) admin

13) welcome

14) 666666

15) abc123

16) football

17) 123123

18) monkey

19) 654321

20) !@#$%^&*

21) charlie

22) aa123456

23) donald

24) password1

25) qwerty123

Take an Identity Theft Quiz

Get matched with an Authorized Partner