SplashData has once again published its annual list of the worst passwords of the year, compiled from five million passwords that were leaked on the internet this year. As usual, online users continue to use easily guessable passwords for their online accounts.
For the fifth consecutive year, “123456” and “password” top the list of the most popular passwords. There were some new entries on the list, such as “654321” and “donald” (apparently in “honor” of the current U.S. President, Donald Trump).
The easy-to-guess passwords make it simple for hackers to break into accounts, says SplashData CEO Morgan Slain.
“Hackers have great success using celebrity names, terms from pop culture and sports, and simple keyboard patterns to break into accounts online because they know so many people are using those easy-to-remember combinations.”
The top 10 most popular passwords of 2018 are:
- 123456
- password
- 123456789
- 12345678
- 12345
- 111111
- 1234567
- sunshine
- qwerty
- iloveyou
“Our hope by publishing this list each year is to convince people to take steps to protect themselves online,” says Slain. “It’s a real head-scratcher that with all the risks known, and with so many highly publicized hacks such as Marriott and the National Republican Congressional Committee, that people continue putting themselves at such risk year-after-year.”
SplashData estimates that almost 10% of users have used at least one of the top 25 worst passwords on the list. Nearly 3% have used the top worst password at one time or another, which is “123456.”
SplashData suggest passwords should be no shorter than twelve characters and should have all types of characters included. Every log-in a user has should use a different password, and users should make use of password manager apps to generate and store passwords.
Apple’s latest mobile operating system, iOS 12, includes a password autofill feature that makes it easy to generate and enter passwords in Safari and other apps. It works in conjunction with third-party apps such as 1Password.
