“123456” and “password” again top SplashData’s annual “Worst Passwords List”

Three variations of “password” appear on this year’s list of risky passwords; millions of users continue putting themselves at risk

LOS GATOS, CA – A few months ago there were news reports that the hacking of the email account of the Democratic National Committee’s John Podesta was made easier because his email password was “password.” If these reports are true, he wouldn’t be alone. For the sixth straight year, “password” joins “123456” as the two most commonly used passwords on SplashData’s annual list of “Worst Passwords.” Use of any of the passwords on this list would put users at grave risk for identity theft.

In SplashData’s sixth annual Worst Passwords report, compiled from more than five million passwords leaked during the year, three variations of “password” appear, including “passw0rd” and “password1”.

“Making minor modifications to an easily guessable password does not make it secure, and hackers will take advantage of these tendencies,” says Morgan Slain, CEO of SplashData, Inc. “Our hope is that by researching and putting out this list each year, people will realize how risky it is to use these common logins, and they will take steps to strengthen their passwords and use different passwords for different websites.”

While Star Wars-themed choices “princess” and “solo” keep the Force alive on the Worst Passwords list for the second year, sports terms have dropped off. The only sport to crack the Top 25 was “football” in the #5 spot.
New appearances on the list include “hottie”, “loveme”, and “flower”. One other new entry is “zaq1zaq1” from the left column on standard keyboards – demonstrating again the importance of avoiding simple patterns.

Simple numerical passwords remain common, with five of the top 10 passwords on this year’s list comprised of numbers only.

SplashData, provider of password management applications TeamsID, Gpass, and SplashID, releases its annual list in an effort to encourage the adoption of stronger passwords. According to SplashData, the over 5 million leaked passwords evaluated for the 2016 list were mostly held by users in North America and Western Europe.

Just over 10% of people use at least one of the 25 worst passwords on this year’s list, with nearly 4% of people using the worst password, 123456.

SplashData offers three simple tips to be safer from hackers online:

  • Use passwords of eight characters or more with mixed types of characters.
  • Avoid using the same username/password combination for multiple websites.
  • Use a password manager such as TeamsID to organize and protect passwords, generate random passwords, and automatically log into websites.

Prior Worst Password Lists:

Worst Passwords of 2015

Worst Passwords of 2014

Worst Passwords of 2013

Worst Passwords of 2012

# # #

About SplashData:

SplashData has been a leading provider of password management applications for over 15 years. SplashID (www.splashid.com) has grown to be the most trusted multi-platform password solution for both the consumer and enterprise markets with over 1 million users worldwide. SplashID’s popularity continues to rise as the number of user names, passwords, and account numbers most people have to remember is rapidly multiplying. At the same time, the risk of this kind of sensitive information falling into the wrong hands has never been greater. SplashID helps solve this dilemma by creating an encrypted digital safe available on smartphones, computers, USB keys, or online, offering the peace of mind of being able to access critical information whenever needed while maintaining the security of 256-bit encryption. The company’s business password manager TeamsID (www.teamsid.com) enables organizations to manage and share passwords and other sensitive records easily and securely. Gpass (https://gpass.io) enables Google users to have a seamless password management experience inside their Google account. SplashData was founded in 2000 and is based in Los Gatos, CA.

Kevin Doel
TalonPR, Inc.