Skip to main content

The worst password of all is no longer ‘password’ according to hacked accounts chart

passwords

You might have thought that it would be hard to come up with a worse password than ‘password,’ but according to a chart compiled by SplashData from hacked accounts, it has been edged out by ‘123456’.

The far more secure ‘12345678’ (33 percent more secure!) retains its position as number three, while a new entry in sixth place goes as far as ‘123456789’. Sadly, ‘letmein’, a password I always felt deserving of classic status, dropped seven places to achieve a mediocre ranking of 14.

Apple introduced iCloud Keychain as part of Mavericks and iOS 7.0.3, and if you’re not already using it, you can read our how-to guide. If you’re using older versions of OS X or iOS, we also ran a how-to guide on using a password manager to have unique, secure passwords for each website.

Via re/code

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

  1. agsmith87 - 10 years ago

    Sunshine is 12 & 19?

  2. Toon Van Lishout - 10 years ago

    so how come sunshine has two positions ( 12 & 19 ) in this list?

  3. mockery17 - 10 years ago

    My favorite has always been ‘drowssap’. No, it’s not a password I use. I use 1Password to save my passwords.

  4. weakguy - 10 years ago

    000000 lol…

  5. sardonick - 10 years ago

    Damn. Now I have to change my credit card passwords, my luggage combo, my safe, and my banking password. No worries, I’ll use Password123456 instead.

  6. sardonick - 10 years ago

    I had forgotten about trustno1. Man that brings back memories. Still amazed at how many people do not take passwords seriously, especially considering what the typical uses.

    • Ben Lovejoy - 10 years ago

      I can understand people not caring about some random website that forces them to register, but given some of the sites that have been hacked, you have to wonder if some of these people do the same with their embanking logon …

      • sardonick - 10 years ago

        Sadly I can say from experience some do. I run smack into a wall and beat my head against it when someone repeatedly cusses out the mandatory password requirements of a site by using attempting multiple “bare minimum” passwords, and only choosing a “good” one when they’re forced to by the site. Alas, were it not for them, we would not have jobs.

      • Ben Lovejoy - 10 years ago

        There is that :-)

      • Henry Bowman - 10 years ago

        sardonick: Frankly, the worst offender is the Apple ID / App Store / iTunes Store password. You can’t store it in Safari, you can’t supply it from 1Password, and Apple forces you to change it once a quarter. I guess that’s someone’s idea of “great security,” but it is actually WORSE practice, because it forces you to either come up with an endless series of BS passwords you can easily remember, or to write it down on paper somewhere. Incredibly annoying.

      • Ben Lovejoy - 10 years ago

        Forces you to change it once a quarter? I’ve never been forced to change mine, and have only ever done so twice (both times at my instigation).

  7. ebertek - 10 years ago

    Number 12 is “admin”.
    Here’s the original article: http://splashdata.com/press/worstpasswords2013.htm

  8. degraevesofie - 10 years ago

    That list seems to be biased by Adobe account passwords. I.e., I can imagine that Adobe’s accounts have many “adobe123” and “photoshop” passwords, but I suspect that’s not true for other account provides.

    • Ben Lovejoy - 10 years ago

      You’d likely see the equivalent, though, I wonder how many Apple ID passwords are apple123?

  9. George Guerrette - 10 years ago

    It recently came to me to pick a phrase or limerick you really know, and then use just the first letter of each word or syllable. For example, “how much wood would a wood chuck chuck?” would be hmwwawcc. Dunno if this is a unique idea or not…

    • Thomas Bechard - 10 years ago

      It’s not particularly new. I remember people doing that in the past. The problem comes when you use the same password for multiple sites.

Author

Avatar for Ben Lovejoy Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!


Ben Lovejoy's favorite gear