Is your password strong enough? Company lists worst passwords of the year

This is an archived article and the information in the article may be outdated. Please look at the time stamp on the story to see when it was last updated.

File image

(Jan. 20, 2016) – For the last five years, password management firm SplashData has tracked the 25 most common passwords found on the Internet, making them the “worst” passwords out there.

Some of the worst passwords are no strangers to the latest list. Stalwarts “123456” and “password” continue to top the list, with others like “qwerty,” “football” and “baseball” making the top ten.

SplashData compiled the list by combing through more than two million leaked passwords from 2015. The firm said Internet users continue to put themselves at risk by using simple passwords that are too easy to guess.

Here’s the list with a comparison of how each password ranked on last year’s list:

  1. 123456 (unchanged)
  2. password (unchanged)
  3. 12345678 (up 1)
  4. qwerty (up 1)
  5. 12345 (down 2)
  6. 123456789 (unchanged)
  7. football (up 3)
  8. 1234 (down 1)
  9. 1234567 (up 2)
  10. baseball (down 2)
  11. welcome (new)
  12. 1234567890 (new)
  13. abc123 (up 1)
  14. 111111 (up 1)
  15. 1qaz2wsx (new)
  16. dragon (down 7)
  17. master (up 2)
  18. monkey (down 6)
  19. letmein (down 6)
  20. login (new)
  21. princess (new)
  22. qwertyuiop (new)
  23. solo (new)
  24. passw0rd (new)
  25. starwars (new)

SplashData offered some advice on passwords to avoid:

  • Don’t use your birthday or especially just your birth year
  • Avoid using your children’s names
  • Don’t use your favorite sport or sports team
  • Avoid swear words, hobbies, famous athletes and movie names

As for building a better password, the firm suggests using passwords of at least twelve characters with a mixture of character types (letters, numbers, symbols). SplashData also recommends avoiding the same username and password for multiple websites.