Enhance your password security.

Get Started
CTA icon
Ask more questions text between two clocks

Q&A On Our Worst Password List

January 20, 20164 min read

We always get lots of questions about our annual Worst Passwords List, so I thought I'd tackle some of these questions here.

What exactly are these 25 Worst Passwords? How do you collect passwords?

Technically, these are the most common 25 passwords we found from our searches of public posts or "dumps" of plain text (rather than hashed or encrypted) passwords posted on a wide variety of sites on the Internet during the calendar year 2015. We found over 2 million such passwords in 2015 from our searches. Most of these password dumps would be from hacks, breaches, or leaks of password databases on servers supporting consumer web sites. We make an effort to ensure these are unique passwords (so we are not double counting the same posts from different sources).


Why are these the "Worst Passwords"?

We call them the "worst passwords" because when it comes to password security, using a popular password is a very bad thing. Since the most popular passwords are so common, these popular passwords would be among the very first tried by any hacker or malicious "cracking" program. When you choose a password, you want something unique, complex, and unusual, and you want to make sure you use different passwords for different sites.


How popular are the 25 Worst Passwords?

We estimate about 3% of people are using these 25 worst passwords, which is consistent with our prior samples, but the trend does seem to point toward a smaller percentage of people using them each year


Why do you publish the Worst Password list?

We're trying to educate people about the risks of choosing convenient but weak passwords. We want to encourage people to use longer, stronger, more complex passwords or passphrases. We also want to encourage people to use different passwords for different websites. And obviously we know that once people start following these better practices, they are more likely to follow security experts' recommendations and use a password manager like our SplashID for consumers and TeamsID for organizations and families.


How long have you been researching Worst Passwords?

Over 5 years, dating all the way back to 2011


Do you have other information about your research?

Yes, you can get our free ebook on results from our 5 years of researching common passwords


Of the two million leaked passwords the 2015 list is sourced from, were there any sites in particular that provided a large percentage? Are adult sites included?

There is a pretty wide variety of sites represented with no one leak representing a large portion of the sample. We make an effort to exclude adult sites since those tend to be overweighted in leaks, and the kinds of passwords people use on adult sites tend to be different from passwords they use on other sites (i.e., a lot more naughty!).

How has the importance of an individual password evolved as people's information is increasingly exposed as a result of attacks on corporate databases outside of their control?

Since exposure is constantly increasing -- more sites being hacked, more passwords at risk -- what's becoming more and more important over time is to use different passwords for different sites. It's almost inevitable that some of your logins somewhere will be exposed. You just want to make sure that exposure doesn't have a cascading effect on your other logins, especially at more valuable sites and services (e.g., email and financial services).

To learn more about our insights from these studies, click here to download our new eBook, Worst Passwords: What We Have Learned From Five Years of Studying the Internet's Most Commonly Used Passwords




Get started for FREE

facebook social icon
twitter social icon
linkedin social icon
Enhance your password security

The best software to generate and have your passwords managed correctly.

TeamPassword Screenshot
Recommended Articles
A male volunteer stands in front of four other volunteers with his hands on his hips, smiling.

Password Management

May 29, 20247 min read

Best Password Manager for Nonprofits (2024)

Nonprofits have unique needs in software, from lower budgets to less tech-savvy staff or no dedicated IT staff. ...

Electrician in hardhat

Password Management

May 27, 202412 min read

6 Best Password Managers for the Trades (Electricians, Plumbers, HVAC, Contracters)

Wondering how to organize your passwords as an electrical, HVAC, plumbing, or any other contracting or trade business? ...

KeePass logo with arrow pointing to 10 alternatives

Password Management

May 15, 202410 min read

Top 10 KeePass Alternatives for 2024

KeePass is a solid software for certain use cases, but there are a few reasons you might look ...

The Password Manager for Teams

TeamPassword is the fastest, easiest and most secure way to store and share team logins and passwords.