What do “password” and President Trump have in common? Both lost ranking on SplashData’s Annual Worst Passwords List

Share Article

Password management firm SplashData releases its 9th annual Worst Passwords List after evaluating more than 5 million passwords leaked on the Internet

SplashData logo

Our hope by publishing this list each year is to convince people to take steps to protect themselves online, and we think these and other efforts are finally starting to pay off.

While the president has been embroiled in the impeachment process and is on many people’s naughty lists this holiday season, one list he no longer will find his name is SplashData’s annual list of Worst Passwords. In the company’s ninth annual installment of the Worst Passwords of the Year list, “donald” is not among the top 25 most dangerous and most commonly leaked passwords by hackers. In other news, “password” has for the first time in the list’s history been knocked out of the top two spots.

While making his 2018 debut on the annual list, compiled by SplashData after evaluating more than 5 million passwords leaked on the Internet, “donald” was nowhere to be found on the 2019 list.

“Invoking the name of the president or any other celebrity as your password is a dangerous decision, one that hackers will exploit and put you at substantial risk of having your identity stolen,” said Morgan Slain, CEO of SplashData, Inc., a developer of password security solutions for personal and business protection.

Presenting SplashData’s “Worst Passwords of 2019”:

1 - 123456 (rank unchanged from 2018)
2 - 123456789 (up 1)
3 - qwerty (Up 6)
4 - password (Down 2)
5 - 1234567 (Up 2)
6 - 12345678 (Down 2)
7 - 12345 (Down 2)
8 - iloveyou (Up 2)
9 - 111111 (Down 3)
10 - 123123 (Up 7)
11 - abc123 (Up 4)
12 - qwerty123 (Up 13)
13 - 1q2w3e4r (New)
14 - admin (Down 2)
15 - qwertyuiop (New)
16 - 654321 (Up 3)
17 - 555555 (New)
18 - lovely (New)
19 - 7777777 (New)
20 - welcome (Down 7)
21 - 888888 (New)
22 - princess (Down 11)
23 - dragon (New)
24 - password1 (Unchanged)
25 - 123qwe (New)

While the company is encouraged that “password” -- among the worst of all bad passwords -- has finally been dethroned, SplashData still finds that computer users continue using the same predictable, easily guessable words and alphanumeric patterns as their passwords. While many computer programs now prevent these passwords from being created in the first place, older applications and some websites still enable people to use dangerously weak passwords.

Among the new entries this year are “1q2w3e4r” and “qwertyuiop” - simple patterns using contiguous keys on the keyboard. Using such letter/number combinations may seem to be complex but will not fool hackers who know millions of people use them.

Each year, SplashData evaluates millions of leaked passwords to determine which passwords were most used by computer users during that year. Common passwords that continually appear on the Worst Passwords list, beyond “password” and “123456”, include “princess”, “qwerty”, “iloveyou” and “welcome.”

SplashData, provider of password management applications TeamsID, Gpass, and SplashID, releases its annual list in an effort to encourage the adoption of stronger passwords.

“Our hope by publishing this list each year is to convince people to take steps to protect themselves online, and we think these and other efforts are finally starting to pay off,” says Slain. “We can tell that over the years people have begun moving toward more complex passwords, though they are still not going far enough as hackers can figure out simple alphanumeric patterns.”

SplashData estimates almost 10% of people have used at least one of the 25 worst passwords on this year’s list, and nearly 3% of people have used the worst password, 123456.

According to SplashData, the over five million leaked passwords evaluated for the 2019 list were mostly held by users in North America and Western Europe. Passwords leaked from hacks of adult websites were not included in this report.

SplashData offers three simple tips to be safer from hackers online:

1. Use passphrases of twelve characters or more with mixed types of characters.
2. Use a different password for each of your logins. That way, if a hacker gets access to one of your passwords, they will not be able to use it to access other sites.
3. Protect your assets and personal identity by using a password manager to organize passwords, generate secure random passwords, and automatically log into websites.

To help protect computer users from hackers, SplashData is offering the full list of Top 50 Worst Passwords, a free one-year subscription for individuals to its Gpass password manager, and a TeamsID (password manager for enterprise workgroups) demo for businesses. Each of these resources may be found at TeamsID.com.

About SplashData:
SplashData has been a leading provider of password management applications for over 15 years. SplashID (http://www.splashid.com) has grown to be the most trusted multi-platform password solution for both the consumer and enterprise markets with over 1 million users worldwide. SplashID’s popularity continues to rise as the number of usernames, passwords, and account numbers most people have to remember is rapidly multiplying. At the same time, the risk of this kind of sensitive information falling into the wrong hands has never been greater. SplashID helps solve this dilemma by creating an encrypted digital safe available on smartphones, computers, USB keys, or online, offering the peace of mind of being able to access critical information whenever needed while maintaining the security of 256-bit encryption. The company’s business password manager TeamsID (http://www.teamsid.com) enables organizations to manage and share passwords and other sensitive records easily and securely. Gpass (http://www.gpass.io) enables Google users to have a seamless password management experience inside their Google account. SplashData was founded in 2000 and is based in Los Gatos, CA.

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Kevin Doel
+1 785-554-5336
Email >