For the last seven years, SplashData has revealed its annual list of the most commonly used passwords of the year. This time around, the results reveal that, uh, we still have work to do.
The 2018 Worst Passwords of the Year list was determined after SplashData evaluated over 5 million passwords that have leaked online in the last year. The top two slots have been left unchanged for the fifth year in a row. They are, maddeningly, “123456” and “password.” The next five consecutive spots were other assortments of numbers (“123456789” and “111111”, for instance).
Several of the 25 included passwords were repeats from previous years, but there were a handful of new ones. Some were more poignant for the hellish year (“666666” and “!@#$%^&*” and “donald”) compared to inexplicably optimistic-sounding ones (“sunshine” and “princess”).
“Sorry, Mr. President, but this is not fake news – using your name or any common name as a password is a dangerous decision,” Morgan Slain, CEO of SplashData, said in a news release. “Hackers have great success using celebrity names, terms from pop culture and sports, and simple keyboard patterns to break into accounts online because they know so many people are using those easy-to-remember combinations.”
SplashData noted in the news release that its intention behind creating these painfully revealing lists is to prompt readers to adopt better security measures, namely stronger passwords. Obviously a strong password alone isn’t a surefire way to protect yourself online, but it’s definitely a crucial factor, and pretty much the entire list of the most commonly used ones are begging to be hacked.
“Our hope by publishing this list each year is to convince people to take steps to protect themselves online,” Slain said. “It’s a real head-scratcher that with all the risks known, and with so many highly publicized hacks such as Marriott and the National Republican Congressional Committee, that people continue putting themselves at such risk year-after-year.”
If you find that your passwords aren’t so unlike the ones included in this year’s list, wyd??? Change your passwords. Here’s the full, eighth annual list:
1. 123456 (Unchanged)
2. password (Unchanged)
3. 123456789 (Up 3)
4. 12345678 (Down 1)
5. 12345 (Unchanged)
6. 111111 (New)
7. 1234567 (Up 1)
8. sunshine (New)
9. qwerty (Down 5)
10. iloveyou (Unchanged)
11. princess (New)
12. admin (Down 1)
13. welcome (Down 1)
14. 666666 (New)
15. abc123 (Unchanged)
16. football (Down 7)
17. 123123 (Unchanged)
18. monkey (Down 5)
19. 654321 (New)
20. !@#$%^&* (New)
21. charlie (New)
22. aa123456 (New)
23. donald (New)
24. password1 (New)
25. qwerty123 (New)