For the sixth straight year, “password” joins “123456” as the two most commonly used passwords on SplashData’s annual list of “Worst Passwords”. 

The passwords are compiled from more than 5,000,000 passwords leaked during the year.  Just over 10% of people use at least one of the 25 worst passwords on this year’s list, with nearly 4% of people using the worst password, 123456.  Also, there are three variations of the word “password”, none of which are recommended.  Using any of the passwords on this list puts you at a greater risk for identity theft.

“Making minor modifications to an easily guessable password does not make it secure, and hackers will take advantage of these tendencies,” says Morgan Slain, CEO of SplashData, Inc. “Our hope is that by researching and putting out this list each year, people will realize how risky it is to use these common logins, and they will take steps to strengthen their passwords and use different passwords for different websites.”

With a virtual drum roll, here are the worst passwords of 2016:

  1. 123456
  2. password
  3. 12345
  4. 12345678
  5. football
  6. qwerty
  7. 1234567890
  8. 1234567
  9. princess
  10. 1234
  11. login
  12. welcome
  13. solo
  14. abc123
  15. admin
  16. 121212
  17. flower
  18. passw0rd
  19. dragon
  20. sunshine
  21. master
  22. hottie
  23. loveme
  24. zaq1zaq1
  25. password1

To create more secure passwords and keep them safe:

  • Use upper and lower case letters, numbers and special characters as your device permits.
  • Avoid using a single word as your password. Dictionary words are hackable in under 20 minutes – maybe under 10. 
  • Stay away from passwords that are easily identified with you such as names of pets or family members.
  • Use a different password for every account.
  • Don’t share your passwords.
  • Keep all passwords in a safe place like password-protecting software, not on Post-It Notes in your desk.

For help with your business IT support, contact CRU Solutions