Post-It note on laptop that reads "Admin/Admin"

Juan J. Martínez/Flickr (CC-BY-SA)

The annual worst passwords rankings are out—and we’re all doomed

Avoid using these at all costs.

Jul 26, 2018, 2:26 pm*


Phillip Tracy 

Phillip Tracy

It’s that time of year again when Americans are reminded of how bad they are at protecting their personal information. We’re talking, of course, about the annual worst passwords ranking, a showcase of online negligence and a reminder of the year’s biggest pop culture icons.

As always, this year’s list was compiled by SplashData. Sadly, it offers few surprises.

Topping the list is the Yankees of bad passwords—you guessed it, “123456”. If you had something else in mind, it was probably the number 2 worst password, “password.” The first change to this year’s list is the increased use of “12345678,” which finds itself in third place, up from fourth. Other notable entries include “letmein” (7), “iloveyou” (10), monkey (13), starwars (16), “hello” (21), the telling “whatever” (23) and ironically, “trustno1.” At 100, “thunder” grabs the dubious worst of the worst honor.

Here are the top 25 worst passwords of 2017 (you can check out the top 100 list here):

1. 123456

2. Password

3. 12345678

4. qwerty

5. 12345

6. 123456789

7. letmein

8. 1234567

9. football

10. iloveyou

11. admin

12. welcome

13. monkey

14. login

15. abc123

16. starwars

17. 123123

18. dragon

19. passw0rd

20. master

21. hello

22. freedom

23. whatever

24. qazwsx

25. trustno1

While this list gives us little hope that people pay heed to the warning we post at the end of cybersecurity articles, here we go again: Pick a long password that isn’t a common phrase, don’t reuse passwords, and please don’t use anything you see on this list.

Share this article
*First Published: Dec 19, 2017, 5:48 pm