Create a free account, or log in

The 25 worst passwords: “It’s like putting a cheap padlock on your front door”

“Password” and “123456” are still among the worst passwords being used on the internet, exposing millions of users to being hacked or having their identities stolen, according to research released this week from security services company SplashData. The most common passwords, compiled from more than 3.3 million leaked passwords during last year, show users are […]
Kirsten Robb
Kirsten Robb
ATO compensation

“Password” and “123456” are still among the worst passwords being used on the internet, exposing millions of users to being hacked or having their identities stolen, according to research released this week from security services company SplashData.

The most common passwords, compiled from more than 3.3 million leaked passwords during last year, show users are not heeding advice to create more unique and secure codes.

Both “password” and “123456” have held the top two spots each year since SplashData’s first list in 2011. The list also shows the continued popularity of numerical passwords and single words such as ‘football’, ‘dragon’ and ‘monkey’.

The passwords evaluated by SplashData were from users in North America and Western Europe.

Bill Mann, chief product officer at data security firm Centrify, told SmartCompany hacking was becoming more common and good, unique passwords were the key to protecting yourself against such a hack.

“The reason having a unique password is important is to keep the bad guys out,” says Mann. “They know what passwords to try and they will try them.”

“It’s kind of like putting a cheap padlock on your front door,” Mann adds.

Mann says the best passwords use a combination of letters, numbers and capitalisation, and are often best based on phrases or sentences well known to the user.

“Use a phrase or a sentence that means something to you so you can remember, not your kid’s name,” he says.

Mann also highly recommends using different passwords for each account you have. He says businesses can also take advantage of services like Centrify, which control employee’s access through one central account, meaning staff only need to remember one password.

Sieng Chye Oh, malware researcher at digital protection company ESET, also agreed a good password is the first line of defence against digital theft. 

“In the digital age, keeping your online property secure is just as important as your physical possessions,” he says.

“You wouldn’t leave your front door open, so why make it easy for people to get into your email, bank or Wi-Fi?”

His top tip for creating a strong password involves using an acronym of your favourite saying, interspersed with numbers and symbols, so it looks like gibberish. 

“An example could be “roses are red and violets are blue” and if your favourite number is 10, you could set your password as “”10RaR&VaB10”. This is both long and extremely difficult to guess, but very easy to remember,” he says.

Rank Password Change in rank
1 123456  No Change
2 password  No Change
3 12345  Up 17
4 12345678  Down 1
5 qwerty  Down 1
6 123456789  No Change
7 1234  Up 9
8 baseball  New
9 dragon  New
10 football  New
11 1234567  Down 4
12 monkey  Up 5
13  letmein  Up 1
14  abc123  Down 9
15  111111  Down 8
16  mustang  New
17  access  New
18  shadow  Unchanged
19  master  New
20  michael  New
21  superman  New
22  696969  New
23  123123  Down 12
24  batman  New
25  trustno1  Down 1