Time to Change Your Password: 25 Worst Passwords of 2018 Revealed

100 worst passwords of 2018

Time to change your password. 

It seems that just about every other week in 2018 we saw stories about data breaches and hackers gaining access to millions and millions of users' personal information. As people place more and more of their life online, they make themselves more vulnerable to hackers, identity theft, and scams. Unfortunately, it doesn't seem like people have learned their lesson about the need for a strong password. 

SplashData examined more than 5 million passwords that had been leaked on the internet over the last year and found that users are still using the same kind of predictable, easy-to-guess passwords that provide little to no security at all. 

Perennial favorites "123456" and "password" continue to be the #1 and #2 most used passwords. President Trump made his debut on the list with "trump" becoming the 23rd most common password used. 

"Sorry, Mr. President, but this is not fake news – using your name or any common name as a password is a dangerous decision," said Morgan Slain, CEO of SplashData, Inc. "Hackers have great success using celebrity names, terms from pop culture and sports, and simple keyboard patterns to break into accounts online because they know so many people are using those easy-to-remember combinations."

Here's a list of the top 25 worst passwords as gathered by SplashData (the entire list can be viewed their site): 

  1. 123456 (Rank unchanged from last year)
  2. password (Unchanged)
  3. 123456789 (Up 3)
  4. 12345678 (Down 1)
  5. 12345 (Unchanged)
  6. 111111 (New)
  7. 1234567 (Up 1)
  8. sunshine (New)
  9. qwerty (Down 5)
  10. iloveyou (Unchanged)
  11. princess (New)
  12. admin (Down 1)
  13. welcome (Down 1)
  14. 666666 (New)
  15. abc123 (Unchanged)
  16. football (Down 7)
  17. 123123 (Unchanged)
  18. monkey (Down 5)
  19. 654321 (New)
  20. !@#$%^&* (New)
  21. charlie (New)
  22. aa123456 (New)
  23. donald (New)
  24. password1 (New)
  25. qwerty123 (New)

"Our hope by publishing this list each year is to convince people to take steps to protect themselves online,” says Slain. "It’s a real head-scratcher that with all the risks known, and with so many highly publicized hacks such as Marriott and the National Republican Congressional Committee, that people continue putting themselves at such risk year-after-year."

If you saw your password on the list, don't feel too bad. For about 15 years during the Cold War, the "secret" code to launch the U.S.'s arsenal of nuclear missiles was set to "0000000". 

Experts say users should use passwords that are more robust, with at least 12 characters containing mixed types of characters (!@#$). To make it easier to remember your password, try using a passphrase (something like: SillyMonkeyPass). Experts also recommend people use different passwords for different websites so that if hackers gain access to your password, they won't have access to everything you do online. 

People should also consider signing up for a password service that will help you keep track of all your passwords like LastPass, Dashlane, or RoboForm

Photo: Getty Images

Dashlane


Sponsored Content

Sponsored Content