Skip to the article content

Twenty-five passwords you should never use

If this is what your password looks like, it's time to change!

When it comes to online passwords, popularity is a bad thing!

Despite this, a disturbingly high number of people choose the same predictable phrases when setting up their online accounts.

US password management company SplashData recently released its annual list of the 25 worst passwords, based on information from more than two million that were leaked in 2015. These are the ‘winners’:

1. 123456

2. password

3. 12345678

4. qwerty

5. 12345

6. 123456789

7. football

8. 1234

9. 1234567

10. baseball

11. welcome

12. 1234567890

13. abc123

14. 111111

15. 1qaz2wsx

16. dragon

17. master

18. monkey

19. letmein

20. login

21. princess

22. qwertyuiop

23. solo

24. passw0rd

25. starwars

The goal of the list is to make people aware of how risky it is to use weak passwords and to encourage them to improve their own security.

SplashData CEO Morgan Slain points out that “using common sports and pop culture terms” is a bad idea . He says that another risk factor is passwords based on simple patterns - even if they are extra long. 

Why do you need a secure password?

With so many of our day-to-day transactions happening on the Internet, in many cases your passwords are your only protection. They keep your personal information and bank accounts safe and prevent breaches of privacy. 

Hackers use sophisticated programs to crack passwords, and usually target businesses and service providers to get into the accounts of their members.

The passwords they will try first are the most common ones.

If yours is a straightforward number sequence or predictable phrase you could be faced with having your bank account drained. Your tax file number could be stolen or even your entire identity hijacked.

How to make your password safer

SplashData and other tech outlets recommend the following steps for safer passwords:  

Aim for 12 characters

Users who have passwords requiring 12 characters or more are less likely to have their accounts broken into.

Don’t :

Use letters that are next to each other on the keyboard

Use your own name or birthdate

Do :

Mix it up with numbers and symbols.

Use random phrases

Avoid doubling up

Using the same password for all your important accounts can be a recipe for disaster. If you are logging in to multiple websites with the same phrase, it is time for a re-think.

Use a password manager

Instead of trying to remember your passwords or keep track of them in a notebook that sits next to your computer, make use of a password management app or program.

Sites such LastPass and 1Password will keep a record of all your logins and even generate passwords for you.

Check your password’s ‘hackability’

Before you use a password, you might want to run it through an app like It will give you an assessment on how long it would take a desktop PC to figure out your password.

Make spelling mistakes

If you spell the phrases in your password incorrectly, they can be harder to guess.

This can also work for the ‘secret questions’ that many websites require. A hacker may figure out the answer to what high school you went to but they are less likely to be able to infiltrate your account if you have altered the spelling. 

Avoid public computers

Don’t log into your bank account on a publicly accessible computer. If you want to check your social media or Google account, give yourself an extra layer of protection by requesting two-step verification.

This will send a text to your phone before letting you use your account on an unfamiliar machine.

The great thing about passwords is that they are easy to update, so if you are feeling sheepish about having some that are less than ideal - why not change them today? 

You might also like