Each year, SplashData carries out an analysis of leaked passwords to find the top 25 dumb passwords. This year, the company had five million passwords to work from, most of them from hacks in the US and Europe.

There are plenty of old favorites – including ‘password’ – but this year eleven new ones made the list …

NordVPN

There’s no change to the top two. The top slot is retained by 123456, while #2 on the list is password.

Other top 10 places are taken by 12345, 1234567, 12345678 and 123456789. The top 10 are completed by 111111, sunshine, qwerty and iloveyou.

But eleven new dumb passwords made the top 25 this year, including ‘Donald.’

“Sorry, Mr. President, but this is not fake news – using your name or any common name as a password is a dangerous decision,” said Morgan Slain, CEO of SplashData, Inc. “Hackers have great success using celebrity names, terms from pop culture and sports, and simple keyboard patterns to break into accounts online because they know so many people are using those easy-to-remember combinations.”

The remaining new entries are 111111, sunshine, princess, 666666, 654321, !@#$%^&*, charlie, aa123456, password1 and qwerty123.

The full list is:

  1. 123456
  2. password
  3. 123456789
  4. 12345678
  5. 12345
  6. 111111
  7. 1234567
  8. sunshine
  9. qwerty
  10. iloveyou
  11. princess
  12. admin
  13. welcome
  14. 666666
  15. abc123
  16. football
  17. 123123
  18. monkey
  19. 654321
  20. !@#$%^&*
  21. charlie
  22. aa123456
  23. donald
  24. password1
  25. qwerty123

SplashData said that it was inexplicable why people chose such obvious passwords.

“Our hope by publishing this list each year is to convince people to take steps to protect themselves online,” says Slain. “It’s a real head-scratcher that with all the risks known, and with so many highly publicized hacks such as Marriott and the National Republican Congressional Committee, that people continue putting themselves at such risk year-after-year.”

The company said that almost 10% of people have used at least one dumb password on the list, and nearly 3% have used the worst one, 123456.

As always, our recommendation is to use a password manager to have strong, unique passwords for each website and app, and to always opt for two-factor authentication.

Photo: Shutterstock


Check out 9to5Mac on YouTube for more Apple news:

About the Author

Ben Lovejoy's favorite gear