The Worst Passwords of 2018

Over the years it seems that the general public is finally starting to grasp the importance of having a strong and original password to protect their personal data – but, yet again, the annual list of the 100 worst passwords has shown that some things don’t change.

As always the list was put together by SplashData, and is based on about 5 million leaked passwords from different sources. For the fifth year running, the number one spot was taken by the ever-so predictable ‘123456’, followed by the simple ‘password’ in second place.

Unsurprisingly, the whole list is littered with variants of these two, with number patterns such as ‘123456789’ at number 3, ‘654321’ at number 19, and ‘password1’ at number 24. Just looking at the first 10 on the list clearly shows this repetitive mind-set.

Some equally lazy number patterns taking spots lower on the list include ‘111111’ and ‘666666’, as well as some more repeat offenders like ‘qwerty’, ‘admin’, ‘football’ and ‘welcome’.

For the users with the worst of memory there are even a variety of common first names used as passwords – something that could be guessed after just a brief introduction with a person. ‘Ashley’ at 82, ‘Andrew’ at 56, ‘Harley’ at 39, and – a new addition for 2018 – ‘Donald’ at 23.

So, what’s the lesson here? As much as the average user might know better, it’s so easy to let convenience surpass security – especially in the workplace, even though this is where data protection is of the highest importance. No matter how poor you think your memory is, or how strong you believe your security solutions to be, there is no excuse for using these predictable passwords.

The ideal password should be 8 characters long, including a mixture of lower and uppercase letters along with number and symbols where allowed. Most hackers crack passwords one letter at a time, so using a comprehensive word or name will make it easy for them to fill in the blanks after just a few letters – instead, use anagrams and acronyms to create a seemingly random set of characters that are still easy for you to recall.

For more information on improving your security awareness, take a look at Boxphish’s training solutions


Share this post

Close Menu