Weak passwords remain a problem in 2018, SplashData’s list reveals

123456 remains the most commonly used password, while Donald joins the list at the 23rd pace

The worst passwords of 2018The annual list of the worst passwords revealed that passwords are still chosen inattentively: the infamous 123456 tops the unsafe password list in 2018. According to the annual list of Worst Passwords of the Year from SplashData[1], computer users are still inadequate when it comes to password combinations. The report revealed that “password” and number combinations like 123456 are still among most the prevalent passwords from 5 million people whose data was leaked online.

Using complex passwords can protect your online safety – help avoid being hacked or getting sensitive information stolen. Your password shouldn't consist of any words or names related directly to you, and the name of the President of the United States is not a good option as well. Unfortunately, the name of Donald Trump was added to the list this year, coming in 23rd place.

Here are some examples that top the list of “Worst Passwords of 2018”:

  1. 123456
  2. password
  3. 123456789
  4. 12345678
  5. 12345
  6. 111111
  7. 1234567
  8. sunshine
  9. qwerty
  10. iloveyou
  11. princess
  12. admin
  13. welcome
  14. 666666
  15. abc123
  16. football
  17. 123123
  18. monkey
  19. 654321
  20. !@#$%^&*

Easily guessable passwords stay in the list for years

The first two passwords on the list, namely password and 123456 haven't changed their position in the last five years. Additionally, 10% of people from North America and Western Europe have used at least one of these 25 passwords before.

As seen from the list, the number combinations are still popular, and passwords like 123456789, 12345678,123123, and 12345 continue to top the chards each year, swapping positions just a little. While Kanye West revealed his phone password on national television (000000) during his visit to the Oval Office, it did not make it to the list. However, the 000000, 666666 and similar combinations remain one of the weakest passwords that one can use.[2]

Some passwords that were on the list might look a little bit more complicated, for example, 1qaz2wsx, or !@#$%^&*. However, if you look at your keyboard, it becomes clear that these type of combinations will not be able to protect users from sophisticated password hacking tools.

Additionally, many familiar names such as Jennifer, Nicole, Robert and such were used as well. While rare names used as passwords might do the trick, such well known American names should never be used as a shield to protect the most sensitive data.

All in all, millions of computer users are not considering the risks that are related to weak passwords. The brute-force[3] technique is often used by ransomware and keylogger authors and relies on users who use passwords like such on the worst password list of 2018. SplashData states:

Hackers have great success using celebrity names, terms from pop culture and sports, and simple keyboard patterns to break into accounts online because they know so many people are using those easy-to-remember combinations.

Put a little more effort into creating your password to protect yourself from data leak or malware infection

The best tip that many experts give is making your password at least seven characters long, – the more characters and more complex combinations without any specific words, the more secure your password is. The best way to ensure that your accounts and private information are safe is creating 12-14 character passwords with uppercase and lowercase lettering and number combinations.

Few other tips:

  • Use a different password for different account logins. In case one of your passwords gets stolen, it will prevent hackers claiming all your other accounts that the same password is used for.
  • Use password managing applications to generate secure, complex and random passwords and automatically login into various accounts.[4]
  • Check the top 100 list of the most insecure passwords to make sure yours is not included.

Also, keep your system clean and safe by employing antivirus software that uses a real-time scanning feature.

About the author
Ugnius Kiguolis
Ugnius Kiguolis - The mastermind

Ugnius Kiguolis is a professional malware analyst who is also the founder and the owner of 2-Spyware. At the moment, he takes over as Editor-in-chief.

Contact Ugnius Kiguolis
About the company Esolutions