Are Your Passwords On the 2015 ‘Worst Passwords’ List?

This is an archived article and the information in the article may be outdated. Please look at the time stamp on the story to see when it was last updated.

Turns out, longer is not always better — and that goes for passwords, too.

SplashData has released the 2015 edition of its annual “Worst Passwords List” and, no surprise, ‘123456’ and ‘password’ once again reign supreme.

HOW are people still using those passwords??

That pair have led the list every year since it was started in 2011.

Many people thought longer was better and went with ‘1234567890’. You’re not fooling anybody, though.

‘1qaz2wsx’ (first two columns of main keys on a standard keyboard), and ‘qwertyuiop’ (top row of keys on a standard keyboard) also appear in the top 25 list for the first time, but they are each based on simple patterns that would be easily guessable by hackers.

“We have seen an effort by many people to be more secure by adding characters to passwords, but if these longer passwords are based on simple patterns they will put you in just as much risk of having your identity stolen by hackers,” said Morgan Slain, CEO of SplashData.

New entries on the list include ‘passw0rd’, ‘welcome’, and ‘login’.

See? And we would have thought throwing digits in there as letters was slick — but hackers are onto the tricks.

Sports remain a popular password theme. While baseball may be America’s pastime, ‘football’ has overtaken it as a popular password. Both appear in the Top 10, with ‘football’ climbing three spots to number seven and ‘baseball’ dropping two spots to number 10.

When it comes to movies and pop culture, The Force may be able to protect the Jedi, but it won’t secure users who choose popular Star Wars terms such as ‘starwars’, ‘solo’, and ‘princess’, as their passwords. All three terms are also new entries on this year’s list.

The worst passwords of 2015:

1 – 123456 (unchanged from 2014)
2 – password (unchanged)
3 – 12345678 (Up 1)
4 – qwerty (Up 1)
5 – 12345 (Down 2)
6 – 123456789 (Unchanged)
7 – football (Up 3)
8 – 1234 (Down 1)
9 – 1234567 (Up 2)
10 – baseball (Down 2)
11 – welcome (New)
12 – 1234567890 (New)
13 – abc123 (Up 1)
14 – 111111 (Up 1)
15 – 1qaz2wsx (New)
16 – dragon (Down 7)
17 – master (Up 2)
18 – monkey (Down 6)
19 – letmein (Down 6)
20 – login (New)
21 – princess (New)
22 – qwertyuiop (New)
23 – solo (New)
24 – passw0rd (New)
25 – starwars (New)

SplashData offers three tips to help people protect themselves:

    • Use passwords or passphrases of twelve characters or more with mixed types of characters
    • Avoid using the same password over and over again on different websites
    • Use a password manager to organize and protect passwords, generate random passwords, and automatically log into websites