Better Check This List: Worst Passwords of 2018

By Pamela Rentz - January 3, 2019
Share URL
 
password list

During the holidays, did you or anyone else in your household receive a gift that added to the growing assortment of connected IoT devices? Any new smart speakers, TVs, appliances, gaming switches, toys, phones, tablets, etc.? Did you finally install a security camera to keep thieves from pilfering packages left on your porch? We’ve embraced the Internet of Things in our everyday lives, yet with so many connection points, there’s a risky habit too many of us still need to break—using weak passwords.

Once again, password management company SplashData evaluated more than five million passwords leaked on the Internet during the previous year and compiled the top 100 worst passwords for 2018. Surprisingly, for the fifth straight year, the top spots (#1 and #2) in the annual worst-of-the-worst list remain unchanged: “123456” and “password.”

Here are 2018’s most frequently used passwords from SplashData’s eighth annual list of Worst Passwords of the Year. Some are new to the list. Some simply shifted rankings. But if you’re using one of them, change it now.

  1. 123456 (Unchanged)

  2. password (Unchanged)

  3. 123456789 (Up 3)

  4. 12345678 (Down 1)

  5. 12345 (Unchanged)

  6. 111111 (New)

  7. 1234567 (Up 1)

  8. sunshine (New)

  9. qwerty (Down 5)

  10. iloveyou (Unchanged)

  11. princess (New)

  12. admin (Down 1)

  13. welcome (Down 1)

  14. 666666 (New)

  15. abc123 (Unchanged)

  16. football (Down 7)

  17. 123123 (Unchanged)

  18. monkey (Down 5)

  19. 654321 (New)

  20. !@#$%^&* (New)

  21. charlie (New)

  22. aa123456 (New)

  23. donald (New)

  24. password1 (New)

  25. qwerty123 (New)

If a password is easy for you to remember, it’s probably going to be used by hackers at some point. The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency points out the obvious; if Internet-enabled devices are configured with default passwords to simplify setup, these same passwords are easily found online (see list above).

There are some tips worth reviewing in the CISA’s Choosing and Protecting Passwords website. Use different passwords on different systems and accounts; don’t use passwords that are based on personal information; and try to use the longest password or passphrase allowed (8–64 characters). And, consider password managers to keep track of your accounts, not a piece of paper next to your computer.

And while you may be careful about password security, keep in mind that others are connected to your network—both at home and at work.

Tags: 
security
iot
dhs
splashdata
passwords

Up Next

3 Myths about Software Project Managers
January 2, 2019
Get TechWell Insights Delivered Weekly
All TechWell Insights by this Author
Related Insights

About the Author

TechWell Insights To Go

(* Required fields)

Get the latest stories delivered to your inbox every month.

Due to your country's anti-spam laws, we are unable to give you access to this content, unless you agree to receive communications from TechWell