“123456” Replaces “Password” on Annual “Worst Passwords” List

worst passwords

The number combination “123456” replaces the only slightly more obvious “Password” at the top of the “Worst Passwords” list compiled annually by password security company SplashData. The list of 25 is compiled from millions of stolen passwords posted online during the previous year.

In a release introducing this year’s list, the company explains:

“For the first time since SplashData began compiling its annual list, “password” has lost its title as the most common and therefore Worst Password, and two-time runner-up “123456” took the dubious honor.”

SplashData speculates the change in position may have been influenced by the large number of passwords belonging to Abobe users posted online when the company was hacked in October. Early estimates suggested the information of nearly 3 million customers had been affected.

Still, the list would seem to include numerous fairly easy to guess passwords like “111111,” “admin” and even “123123” finishing in the top 25.

It’s recommended that when choosing a password you select one with eight characters or more containing mixed characters (numbers and letters if possible.) It’s also important to avoid using the same passwords, no matter how secure, for multiple accounts.

Avoid passwords with common substitutions of numbers for letters to spell familiar words or phrases. One example suggested in the SplashData press release would be “dr4mat1c” which substitutes the numbers 4 and 1 for the letters “a” and “i.”

If totally random word and number combinations are too difficult to remember, try a short phrase of unrelated words separated by spaces or dashes. One example suggested in the SplashData release is “smiles_light_skip?”. The phrase includes words that might be easier to remember without writing down but would be hard to guess since they are not related and are separated by random dash symbols.

Here’s the full list of the top 25 “Worst Passwords” for 2013. Obviously, SplashData is recommending if you are using any of these passwords for your business accounts you change them immediately:

1. 123456

2. password

3. 12345678

4. qwerty

5. abc123

6. 123456789

7. 111111

8. 1234567

9. iloveyou

10. adobe123

11. 123123

12. admin

13. 1234567890

14. letmein

15. photoshop

16. 1234

17. monkey

18. shadow

19. sunshine

20. 12345

21. password1

22. princess

23. azerty

24. trustno1

25. 000000

Image: SplashData

More in: 10 Comments ▼

Shawn Hessinger Shawn Hessinger is the Executive Editor for Small Business Trends and a professional journalist with more than 20 years experience in traditional and digital media for trade publications and news sites. He is a member of the Society of Professional Journalists and has served as a beat reporter, columnist, editorial writer, bureau chief and managing editor for the Berks Mont Newspapers.

10 Reactions
  1. With the number of passwords I have to remember on a daily basis, I can empathize with people who choose very simple passwords. However, for security people need to up their games.

  2. Oh dear. I’m guessing the people who came up with those passwords didn’t have the tiniest clue what’s potentially at stake.

    Also, there are some sites where I’ve tried to generate a password and I’ve been forced to come up with something more complex. It wouldn’t let me complete the sign-up process until I did. Perhaps it should be the rule for everyone for everything that requires a password.

  3. The funny thing is this is 123456 is the favorite password of my mom and dad. It seems that this is the favorite password of people who are not that acquainted with technology.

  4. I wonder how much password really matter when it was revealed that foreign spies routinely hacked into the largest websites (i.e. Facebook, Twitter, etc.) looking for data to find terrorists.

    Really, if spies sent this capability, imagine how much more easily trained hackers can break into your password-protected accounts.

    • I see where you’re coming from, Enviro; but just because there’s someone out there that can pick a lock and therefore pick mine if they choose doesn’t mean I’m going to leave my door wide open or unlocked.