It seems like every other month we’re learning about data breaches at major companies. This year alone, 4 billion records were breached in the first six months of the year alone.
Facebook and popular video game Fortnite were both breached this year.
Yet on a more personal level, people are leaving themselves up to hacking and identify theft by using easy-to-guess passwords like … “password.”
SplashData, a security services firm, recently released its latest annual list of the worst passwords. The firm evaluates more than 5 million passwords that have been leaked online to compile list.
It’s interesting to note that “Donald,” which SplashData suggests is a reference to President Donald Trump, was on the list of worst passwords last year but does not appear on this year’s list.
“Invoking the name of the president or any other celebrity as your password is a dangerous decision, one that hackers will exploit and put you at substantial risk of having your identity stolen,” said Morgan Slain, CEO of SplashData, Inc., a developer of password security solutions for personal and business protection.
Below are the 25-worst passwords of the year, along with their change in ranking from last year:
1 – 123456 (rank unchanged from 2018)
2 – 123456789 (up 1)
3 – qwerty (Up 6)
4 – password (Down 2)
5 – 1234567 (Up 2)
6 – 12345678 (Down 2)
7 – 12345 (Down 2)
8 – iloveyou (Up 2)
9 – 111111 (Down 3)
10 – 123123 (Up 7)
11 – abc123 (Up 4)
12 – qwerty123 (Up 13)
13 – 1q2w3e4r (New)
14 – admin (Down 2)
15 – qwertyuiop (New)
16 – 654321 (Up 3)
17 – 555555 (New)
18 – lovely (New)
19 – 7777777 (New)
20 – welcome (Down 7)
21 – 888888 (New)
22 – princess (Down 11)
23 – dragon (New)
24 – password1 (Unchanged)
25 – 123qwe (New)
SplashData reported that passwords like “1q2w3e4r” and “qwertyuiop” are not safe because although they seem complex, they are still “simple patterns using contiguous keys on the keyboard,” which won’t fool hackers.
“Our hope by publishing this list each year is to convince people to take steps to protect themselves online, and we think these and other efforts are finally starting to pay off,” Slain added in the press release. “We can tell that over the years people have begun moving toward more complex passwords, though they are still not going far enough as hackers can figure out simple alphanumeric patterns.”
Gizomodo highlighted an additional 25 terrible passwords via SplashData-owned company TeamsID:
26 – 666666
27 – 1qaz2wsx
28 – 333333
29 – michael
30 – sunshine
31 – liverpool
32 – 777777
33 – 1q2w3e4r5t
34 – donald
35 – freedom
36 – football
37 – charlie
38 – letmein
39 – !@#$%^&*
40 – secret
41 – aa123456
42 – 987654321
43 – zxcvbnm
44 – passw0rd
45 – bailey
46 – nothing
47 – shadow
48 – 121212
49 – biteme
50 – ginger
As you can see, “Donald” made the second list.