The Worst Passwords of 2018

December 17, 2018

Bad habits die hard, according to SplashData’s eighth annual list of Worst Passwords of the Year. After evaluating more than 5 million passwords leaked on the Internet, the company found that computer users continue using the same predictable, easily guessable passwords. Using these passwords will put anyone at substantial risk of being hacked and having their identities stolen.

While terrible passwords such as “123456” and “password” continue in the #1 and #2 spots, respectively, President Trump debuted on this year’s list with “donald" showing up as the 23 rd most frequently used password.

“Sorry, Mr. President, but this is not fake news – using your name or any common name as a password is a dangerous decision,” said Morgan Slain, CEO of SplashData, Inc. “Hackers have great success using celebrity names, terms from pop culture and sports, and simple keyboard patterns to break into accounts online because they know so many people are using those easy-to- remember combinations.”

Each year, SplashData evaluates millions of leaked passwords to determine which passwords were most used by computer users during that year. Even with the risks well known, many millions of people continue to use weak, easily-guessable passwords to protect their online information. 2018 was the fifth consecutive year that “123456” and “password” retained their top two spots on the list. The next five top passwords on the list are simply numerical strings.

SplashData, provider of password management applications TeamsID, Gpass, and SplashID, releases its annual list in an effort to encourage the adoption of stronger passwords.

“Our hope by publishing this list each year is to convince people to take steps to protect themselves online,” says Slain. “It’s a real head-scratcher that with all the risks known, and with so many highly publicized hacks such as Marriott and the National Republican Congressional Committee, that people continue putting themselves at such risk year-after-year.”

SplashData’s Worst Passwords of 2018

123456
password
123456789
12345678
12345
111111
1234567
sunshine
qwerty
iloveyou
princess
admin
welcome
666666
abc123
football
123123
monkey
654321
!@#$%^&*
charlie
aa123456 w
donald
password1
qwerty123

SplashData said it estimates almost 10% of people have used at least one of the 25 worst passwords on this year’s list, and nearly 3% of people have used the worst password, 123456.

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 November

This month, Security magazine brings you the Security 500 Report, Rankings and Thought Leader Profiles. How does your enterprise compare to others? Which security programs are leading the way? Also this month, we highlight how to plan, prepare for and build resilience to protests and other unplanned events, video surveillance tools for SMBs and more.

View More Create Account

The Worst Passwords of 2018

Related Articles

Related Products

Related Events

Report Abusive Comment