Each year, SplashData carries out an analysis of leaked passwords to find the top 25 dumb passwords. This year, the company had five million passwords to work from, most of them from hacks in the US and Europe.
There are plenty of old favorites – including ‘password’ – but this year eleven new ones made the list …
There’s no change to the top two. The top slot is retained by 123456, while #2 on the list is password.
Other top 10 places are taken by 12345, 1234567, 12345678 and 123456789. The top 10 are completed by 111111, sunshine, qwerty and iloveyou.
But eleven new dumb passwords made the top 25 this year, including ‘Donald.’
“Sorry, Mr. President, but this is not fake news – using your name or any common name as a password is a dangerous decision,” said Morgan Slain, CEO of SplashData, Inc. “Hackers have great success using celebrity names, terms from pop culture and sports, and simple keyboard patterns to break into accounts online because they know so many people are using those easy-to-remember combinations.”
The remaining new entries are 111111, sunshine, princess, 666666, 654321, !@#$%^&*, charlie, aa123456, password1 and qwerty123.
The full list is:
SplashData said it was inexplicable that people chose such obvious passwords.
“Our hope by publishing this list each year is to convince people to take steps to protect themselves online,” says Slain. “It’s a real head-scratcher that with all the risks known, and with so many highly publicized hacks such as Marriott and the National Republican Congressional Committee, that people continue putting themselves at such risk year-after-year.”
The company said that almost 10% of people have used at least one dumb password on the list, and nearly 3% have used the worst one, 123456.
As always, our recommendation is to use a password manager so that you have a strong, unique password for each website and app, and to always opt for two-factor authentication.