These Are the 25 Worst Passwords of 2019. Let's Do Better Next Year.
Password management firm SplashData has put together a list of the 100 worst passwords from 2019, which you should definitely leave behind in this decade full of data breaches.
You'll find some of the usuals on the list, like "12345" and "password," but you'll also find questionable choices like "cheese," "merlin," and "biteme." (Actually, that last one is pretty great.)
Read on for the best ways to make sure your passwords never end up on one of these lists.
As in years past, SplashData—a software company in Los Gatos, California that offers a number of password management solutions—has compiled 100 of the year's worst passwords, based on how frequently they showed up in a list of over five million passwords found in data breaches. Among them are a number of your typical, average terrible choices, like "password," but there are also some surprises, like "banana" and "dragon."
"Our hope by publishing this list each year is to convince people to take steps to protect themselves online, and we think these and other efforts are finally starting to pay off," SplashData CEO Morgan Slain said in a press statement. "We can tell that over the years people have begun moving toward more complex passwords, though they are still not going far enough as hackers can figure out simple alphanumeric patterns."
The 25 Worst Passwords of 2019
We'll tell you how to create an ironclad password combination in just a minute, but first, let's get to the list. Even if these words or numbers mean something to you, they shouldn't be your password, period—unless you really like having your accounts hacked.
SplashData estimates about 10 percent of people have used at least one of the top 25 worst passwords on the list, and nearly 3 percent have used the number one offender this year. So here are the 25 most hacker-prone passwords, in descending order from worst to slightly less worse. For the full list of the top 100 worst passwords, click here.
1) 123456
2) 123456789
3) qwerty
4) password
5) 1234567
6) 12345678
7) 12345
8) iloveyou
9) 111111
10) 123123
11) abc123
12) qwerty123
13) 1q2w3e4r
14) admin
15) qwertyuiop
16) 654321
17) 555555
18) lovely
19) 7777777
20) welcome
21) 888888
22) princess
23) dragon
24) password1
25) 123qwe
How to Build a Better Password
To create a stronger password, and to stay off next year's list, follow these fool-proof tips from Norton Security:
💻 Don't use personal information like pet names or numbers, especially those from your address, social security, phone number, or birthday. This information is often exposed online as it's needed to fill out most basic forms. Therefore, you should assume that hackers may have this information about you in their hands.
💻 Avoid using real words at all. Tools that are used to crack passwords are pretty efficient at processing words from the dictionary, plus alphanumerical combinations of letters and numbers. So rather than using a name or common term, use special characters like "&" and "$." While it's a great start to switch out letters for special characters that closely correspond, like swapping an "S" for a "$," it's the most obvious variant of those dictionary phrases. The more creative you get, the less chance there is that a password-cracking tool will help bad actors guess your combination.
💻 The longer, the better. Aim for at least 10 characters.
💻 Make common phrases more complicated. Think of something that's easy for you to remember, like a phrase from a song, and make it more difficult to guess. So turn "100 Bottles of Beer on the Wall" into "100BoBotW."
💻 Don't write your passwords down. Seriously, don't. Use a password manager to keep encrypted copies of all of your usernames and passwords on your browser. Google Chrome does this on its own if you opt in, but there are paid third-party options, too.
💻 Regularly change your password. Many enterprise-level employers actually require that you change the passwords on your accounts to keep the whole organization secure. You should be doing this on your own time, too, especially for your financial accounts. That's because passwords are made public after a data breach, and the username/password combinations are sold on the dark net. The longer your password sits there and festers, the better the chance it'll be exposed in a breach.
💻 Don't reuse passwords. If a hacker cracks your login information for one website, all of your accounts will be compromised. If you're struggling to think something up, use a random password generator, which takes advantage of whatever parameters you tell it to use. We recommend this one.
💻 Beware of using public devices or networks. Never enter your password on someone else's computer if you can help it. And when using public Wifi, avoid sites that require you to log in, especially if it's for a bank or another financial service. If you absolutely must use a public device or network, be sure to use a virtual private network, or VPN, to secure your connection.
💻 Use two-factor authentication: This is a method for verifying your identity by using more than one type of verification. Some kinds of two-factor authentication, or 2FA, include:
Something you know: a PIN number, password, or pattern.
Something you have: an ATM or credit card, mobile phone, or security token (like a YubiKey).
Something you are: a biometric form of authentication, such as your fingerprint, your voice, or your face.
💻 Test your password: You can test the strength of your password by visiting this site and typing it in. Don't worry, the site isn't creating a repository of passwords, because your information is never sent over an internet connection (you don't even need to press 'enter' or click a button to see your result). The coolest part? As you type, the software tells you approximately how long it would take a computer to figure out your password. The site turns red if your password is weak, but slowly turns green as you make it stronger. It'll even give you tips on how to improve your password security.
You Might Also Like
