Quick, what's your password? No, don't tell me, let me guess. It's 123456. No wait – it's password. Statistically speaking, there's a good chance I'm correct. Security firm SpalshData has released its list of the worst commonly-used passwords for 2018, and we're still doing terribly. This list is embarrassing. Let's take a look at the top 15 on the list.
- 123456
- password
- 123456789
- 12345678
- 12345
- 111111
- 1234567
- sunshine
- qwerty
- iloveyou
- princess
- admin
- welcome
- 666666
- abc123
The has all kinds of different combinations of sequential numbers, as well as just a bunch of nouns like "football," "donald," "freedom," just the word "computer," and a bunch of common kids' names. Going further down the list, some of our favorite brands pop up, like starwars and ferrari.
Compared to 2013, very little has changed. We're still using the same bad, easily hackable passwords.
SplashData hopes that by releasing this list, a few people will be inspired to change their passwords when they see them in the list. The source of these passwords is all the password that are stolen through security breaches and then leaked online for hackers to make of. SplashData goes through and figures out which ones are most often used in those breaches and rolls them out for us to peruse.
Anyone who pages through this list and sees one of their own password should go find out just how easy to is to crack passwords and then read our guide on creating and protecting good passwords.
Much of this comes from the ultra-specific password requirements many companies use. Your password must be 8-9 characters long, must use one letter, number, and non-alphanumeric character, and may not be the same as your last 20 passwords. But it also comes with the fact that every site has a password. It's like we're all expected to carry around a keyring with 200 keys on it and somehow remember which key goes to which door. So we just end up using the same key in every door, which lets data thieves unlock every door once they get one.
You can circumvent this completely by using password managers to store random passwords and using passwords that are hard to guess but easy to remember. "Monkey" is easy to guess. "MonkeysLoveMatchbox20!" is a lot tougher to guess and much more difficult to crack.
We should all be rolling through the list, linked in the source below, to make sure our passwords don't crop up on the list. We're all geeks here, and we should know better!
