The annual list of the worst passwords is out. People are lazy and still use the same old compromised passwords. Not much has changed since 2018, 2017, or 2016. SplashData’s 9th annual list of worst passwords looked at 5 million passwords that were leaked in various data breaches in 2019 and found that 123456 is still the most frequently used password.
Some other interesting password factoids from the survey include:
password has been knocked out of the top two spots for the first time in the list’s history.- Simple patterns using contiguous keys on the keyboard like 1q2w3e4r, qwertyuiop, and !@#$%^&* are new for 2019. They may seem complex but will not fool attackers.
- QWERTY is a big mover in 2019. qwerty moved up 6 places to #3 in 2019 and qwerty123 moved up 13 spots to #13 in 2019.
- After making his debut on the 2018 annual list “donald” fell to #34 on the most dangerous password to use.
| Rank | Password | Change |
|---|---|---|
| 1 | 123456 | (Rank unchanged from 2018) |
| 2 | 123456789 | (up 1) |
| 3 | qwerty | (Up 6) |
| 4 | password | (Down 2) |
| 5 | 1234567 | (Up 2) |
| 6 | 12345678 | (Down 2) |
| 7 | 12345 | (Down 2) |
| 8 | iloveyou | (Up 2) |
| 9 | 111111 | (Down 3) |
| 10 | 123123 | (Up 7) |
| 11 | abc123 | (Up 4) |
| 12 | qwerty123 | (Up 13) |
| 13 | 1q2w3e4r | (New) |
| 14 | admin | (Down 2) |
| 15 | qwertyuiop | (New) |
| 16 | 654321 | (Up 3) |
| 17 | 555555 | (New) |
| 18 | lovely | (New) |
| 19 | 7777777 | (New) |
| 20 | welcome | (Down 7) |
| 21 | 888888 | (New) |
| 22 | princess | (Down 11) |
| 23 | dragon | (New) |
| 24 | password1 | (Unchanged) |
| 25 | 123qwe | (New) |
Morgan Slain, CEO of SplashData, told Gizmodo,
Our hope … is to convince people to take steps to protect themselves online, and we think these and other efforts are finally starting to pay off. We can tell that over the years people have begun moving toward more complex passwords, though they are still not going far enough as hackers can figure out simple alphanumeric patterns.
rb-
So how can you keep your online personal information safe?
Make sure none of your passwords are on SplashData’s worst passwords of the year list. If they are log on and change them immediately. See the full 100 worst passwords on SplashData’s site.- Use two-factor authentication, whenever possible. Even if a hacker has your password, they won’t have that random code and therefore won’t be able to get into your account. Not sure if your favorite website supports two-factor authentication, search the Two Factor Auth List to find out.
- Consider a password manager. Your brain is no longer an adequate password manager. SplashData makes several password managers SplashID, TeamsID, and Gpass depending on your needs.
Related article
- The biggest password flubs of 2019, from Facebook’s stolen data to Lisa Kudrow’s Instagram (Business Insider)
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.