The Internet’s 25 Worst Passwords, and What They Say About You

The good news is that “password” is no longer the most-popular password on the Internet, according to the latest report from SplashData. The bad news is that it’s still the second-most common—and “123456” is the first.

At first blush, SplashData’s annual list of the 25 most common passwords—compiled from files posted online in the wake of security breaches—is not the sort of document that instills great faith in the cleverness of the online masses. On the other hand, some password has to be the most popular. Wouldn’t it be weird if it weren’t something really dumb and obvious?

Keep in mind that the report only tells us the popularity of the top 25 passwords relative to one another, not their absolute popularity. It’s conceivable, then, that both “password” and “123456” are less common across the Internet than they were a year ago. In fact, SplashData CEO Morgan Slain confirmed to me via email that the weakest passwords have declined in popularity in recent years—but only slightly. “We keep hoping for steeper declines as people get more educated about the risks of simple passwords (hence the annual list) and as websites start to enforce stronger password policies,” he said.

So in the spirit of educational password-shaming, here’s SplashData’s list of this year’s 25 worst passwords, along with our own expert analysis of what each one says about the sort of person who uses it. If you find one of your own on the list, it would be prudent to promptly re-examine your entire life change it.

  1. 123456
    I can’t be bothered to take even the most basic step to protect my personal information. Seriously, just go ahead and take it.
  2. password
    I failed to understand the question.
  3. 12345678
    I tried “123456,” but the computer said I had to use at least eight characters.
  4. qwerty
    Aren’t I clever? My password is written right there on the keyboard.
  5. abc123
    I’m a fan of the Jackson Five.
  6. 123456789
    I’m a positive-integer maximalist.
  7. 111111
    I managed to find one of the few passwords that’s both easy to crack and hard to remember. (How many 1s was it, again?)
  8. 1234567
    Seven is my lucky number!
  9. iloveyou
    I’m Theodore Twombly.
  10. adobe123
    You may have cracked my Adobe password, hacker, but you’ll never guess my password for Microsoft!
  11. 123123
    Aha! You were expecting 123456, weren’t you.
  12. admin
    I should be fired immediately.
  13. 1234567890
    I have mastered the base-10 numeral system.
  14. letmein
    Might as well let everyone else in, too.
  15. photoshop
    They told me not to use the same password for every program, so…
  16. 1234
    I can’t be bothered to take even the most basic step to protect my personal information, and neither can the people who run this site.
  17. monkey
    I am an actual monkey.
  18. shadow
    I fancy myself quite sneaky.
  19. sunshine
    I cry myself to sleep at night.
  20. 12345
    I cannot be bothered to take even the most basic etc.
  21. password1
    My last password was compromised, so I added a “1” this time for extra security.
  22. princess
    I’m waiting to be swept off my feet by a Nigerian prince.
  23. azerty
    Hey, at least it’s better than qwerty.
  24. trustno1
    It’s not paranoia if they really do keep guessing my password.
  25. 000000
    My day job is coming up with nuclear launch codes

Hot this week

The Hidden Costs of Overengineering Security

Complex security systems often create more vulnerabilities than they prevent by overwhelming teams with noise and maintenance demands while missing actual threats.

The True Cost of Chasing Compliance Over Security

Compliance frameworks create a false sense of security while modern threats evolve beyond regulatory requirements. Learn how to build actual protection rather than just checking boxes.

The Hidden Risk of Over Reliance on AI Security Tools

Over reliance on AI security tools creates dangerous blind spots by weakening human analytical skills. True resilience comes from balancing technology with continuous team training and critical thinking.

The Quiet Dangers of Overlooking Basic Security Hygiene

Basic security hygiene prevents more breaches than advanced tools, yet most teams overlook fundamentals while chasing sophisticated threats.

Your Password Strategy Is Wrong and Making You Less Secure

The decades-old advice on password complexity is forcing users into insecure behaviors. Modern security requires a shift to passphrases, eliminating mandatory rotation, and embracing passwordless authentication.

Topics

The Hidden Costs of Overengineering Security

Complex security systems often create more vulnerabilities than they prevent by overwhelming teams with noise and maintenance demands while missing actual threats.

The True Cost of Chasing Compliance Over Security

Compliance frameworks create a false sense of security while modern threats evolve beyond regulatory requirements. Learn how to build actual protection rather than just checking boxes.

The Hidden Risk of Over Reliance on AI Security Tools

Over reliance on AI security tools creates dangerous blind spots by weakening human analytical skills. True resilience comes from balancing technology with continuous team training and critical thinking.

The Quiet Dangers of Overlooking Basic Security Hygiene

Basic security hygiene prevents more breaches than advanced tools, yet most teams overlook fundamentals while chasing sophisticated threats.

Your Password Strategy Is Wrong and Making You Less Secure

The decades-old advice on password complexity is forcing users into insecure behaviors. Modern security requires a shift to passphrases, eliminating mandatory rotation, and embracing passwordless authentication.

Why API Security Is Your Biggest Unseen Threat Right Now

APIs handle most web traffic but receive minimal security attention, creating massive unseen risks that traditional web security tools completely miss.

Security Teams Are Asking the Wrong Questions About AI

Banning AI tools is a failing strategy that creates shadow IT. Security teams must pivot to enabling safe usage through approved tools, clear guidelines, and employee training.

The Illusion of Secure by Default in Modern Cloud Services

Moving to the cloud does not automatically make you secure. Default configurations often create significant risks that organizations must actively address through proper tools and processes.
spot_img

Related Articles

Popular Categories