“123456” and “password” again top SplashData’s annual “Worst Passwords List”

Three variations of “password” appear on this year’s list of risky passwords; millions of users continue putting themselves at risk

A few months ago there were news reports that the hacking of Democratic National Committee’s John Podesta’s email was made easier because his email password was “password.” If these reports are true, he wouldn’t be alone. For the sixth straight year, “password” joins “123456” as the two most commonly used passwords on SplashData’s annual list of “Worst Passwords.” Use of any of the passwords on this list would put users at grave risk for identity theft.

In its sixth annual Worst Passwords report, compiled from more than five million passwords leaked during the year, three variations of “password” appear, including “passw0rd” and “password1”.

“Making minor modifications to an easily guessable password does not make it secure, and hackers will take advantage of these tendencies,” says Morgan Slain, CEO of SplashData, Inc. “Our hope is that by researching and putting out this list each year, people will realize how risky it is to use these common logins, and they will take steps to strengthen their passwords and use different passwords for different websites.”

While Star Wars-themed choices “princess” and “solo” keep the Force alive on the Worst Passwords list for the second year, sports terms have dropped off. The only sport to crack the Top 25 was “football” in the #5 spot.
New appearances on the list include “hottie”, “loveme”, and “flower”. One other new entry is “zaq1zaq1” from the left column on standard keyboards – demonstrating again the importance of avoiding simple patterns.

Simple numerical passwords remain common, with five of the top 10 passwords on this year’s list comprised of numbers only.

SplashData, provider of password management applications TeamsID, Gpass, and SplashID, releases its annual list in an effort to encourage the adoption of stronger passwords. According to SplashData, the over 5 million leaked passwords evaluated for the 2016 list were mostly held by users in North America and Western Europe.

Just over 10% of people use at least one of the 25 worst passwords on this year’s list, with nearly 4% of people using the worst password, 123456.

SplashData offers three simple tips to be safer from hackers online:

•    Use passwords of eight characters or more with mixed types of characters.

•    Avoid using the same username/password combination for multiple websites.

•    Use a password manager such as TeamsID to organize and protect passwords, generate random passwords, and automatically log into websites.

Get started for FREE

Prior Worst Password Lists:

Worst Passwords of 2015

Worst Passwords of 2014

Worst Passwords of 2013

Worst Passwords of 2012