Article Lead Image

Admit it: Your passwords are terrible

Get off your high horse and change your password.


Molly McHugh


Posted on Jan 20, 2015   Updated on May 29, 2021, 5:42 pm CDT

The worst passwords of 2014 are out, and they are as horrible as you hoped! SplashData, a password management system, has released its annual list, and apparently not many among us have learned anything. Without further ado, the list:

  1. 123456 (Unchanged from 2013)
  2. password (Unchanged)
  3. 12345 (Up 17)
  4. 12345678 (Down 1)
  5. qwerty (Down 1)
  6. 1234567890 (Unchanged)
  7. 1234 (Up 9)
  8. baseball (New)
  9. dragon (New)
  10. football (New)
  11. 1234567 (Down 4)
  12. monkey (Up 5)
  13. letmein (Up 1)
  14. abc123 (Down 9)
  15. 111111 (Down 8)
  16. mustang (New)
  17. access (New)
  18. shadow (Unchanged)
  19. master (New)
  20. michael (New)
  21. superman (New)
  22. 696969 (New)
  23. 123123 (Down 12)
  24. batman (New)
  25. trustno1 (Down 1)

The fact that numbers one and two remain in their respective spots from last year is wildly embarrassing, though I feel a small bit of suppressed pride in the fact that “111111” is down eight spots. Fun new additions include “michael” and “696969.”

But you know what they say about people in glass houses: You should probably get out of that breakable home and get a new password, too. Who among us can’t cop to a bad security habit or two? Admittedly, I used to write them down on the inside of a notebook in college. I even know someone whose in-laws still do this.

We are not alone, though. I crowdsourced a bit today, asking others if they would share their shameful password practices.

One friend admitted to using the same password for “multiple (probably important) accounts.” Another told me he likes to use the same expletive for logging in “because I am 12.” (He’s not 12; I am not friends with 12-year-olds.) Better-yet-still-dubious habits include keeping encrypted documented lists and spreadsheets, because taxed memories and creating accounts in order to access accounts are both special kinds of hell.

There are also the no-good-very-bad habits, like the person who admitted to a notepad doc full of passwords, account information, and even Social Security numbers. (This same person has enabled Gmail two-step verification after being hacked last year.)

“For some accounts I don’t use very often I just resign myself to not ever remembering the password and just doing a password reset every single time I access the account,” another confessed. “Sometimes this comes back to bite me in the ass when the password reset process takes forever or if I’ve forgotten BOTH my username and password, which happens with some frequency.” I have been to this place, and this place is horrible. In fact, I have some auto-saved passwords on one computer and others on another, and sometimes it’s just easier to switch entire devices than it is to take the time to create a cohesive Internet experience.

It’s never too late to get your password game right. Everyone who confessed here is smart, capable, and I would say Internet savvy. And of course, you can never review best password practices too often.

“Asking for help is not embarrassing,” says our own Kevin Collier. “Being the weak link who’s responsible for us temporarily losing control of our social media accounts, as happened with the SEA hack last year—that’s what’s embarrassing.” 

Photo via C x 2/Flickr (CC BY 2.0)

Share this article
*First Published: Jan 20, 2015, 2:35 pm CST