Enhance your password security.

Get Started
CTA icon
Ask more questions text between two clocks

Q&A On Our Worst Password List

January 20, 20164 min read

We always get lots of questions about our annual Worst Passwords List, so I thought I'd tackle some of these questions here.

What exactly are these 25 Worst Passwords? How do you collect passwords?

Technically, these are the most common 25 passwords we found from our searches of public posts or "dumps" of plain text (rather than hashed or encrypted) passwords posted on a wide variety of sites on the Internet during the calendar year 2015. We found over 2 million such passwords in 2015 from our searches. Most of these password dumps would be from hacks, breaches, or leaks of password databases on servers supporting consumer web sites. We make an effort to ensure these are unique passwords (so we are not double counting the same posts from different sources).


Why are these the "Worst Passwords"?

We call them the "worst passwords" because when it comes to password security, using a popular password is a very bad thing. Since the most popular passwords are so common, these popular passwords would be among the very first tried by any hacker or malicious "cracking" program. When you choose a password, you want something unique, complex, and unusual, and you want to make sure you use different passwords for different sites.


How popular are the 25 Worst Passwords?

We estimate about 3% of people are using these 25 worst passwords, which is consistent with our prior samples, but the trend does seem to point toward a smaller percentage of people using them each year


Why do you publish the Worst Password list?

We're trying to educate people about the risks of choosing convenient but weak passwords. We want to encourage people to use longer, stronger, more complex passwords or passphrases. We also want to encourage people to use different passwords for different websites. And obviously we know that once people start following these better practices, they are more likely to follow security experts' recommendations and use a password manager like our SplashID for consumers and TeamsID for organizations and families.


How long have you been researching Worst Passwords?

Over 5 years, dating all the way back to 2011


Do you have other information about your research?

Yes, you can get our free ebook on results from our 5 years of researching common passwords


Of the two million leaked passwords the 2015 list is sourced from, were there any sites in particular that provided a large percentage? Are adult sites included?

There is a pretty wide variety of sites represented with no one leak representing a large portion of the sample. We make an effort to exclude adult sites since those tend to be overweighted in leaks, and the kinds of passwords people use on adult sites tend to be different from passwords they use on other sites (i.e., a lot more naughty!).

How has the importance of an individual password evolved as people's information is increasingly exposed as a result of attacks on corporate databases outside of their control?

Since exposure is constantly increasing -- more sites being hacked, more passwords at risk -- what's becoming more and more important over time is to use different passwords for different sites. It's almost inevitable that some of your logins somewhere will be exposed. You just want to make sure that exposure doesn't have a cascading effect on your other logins, especially at more valuable sites and services (e.g., email and financial services).

To learn more about our insights from these studies, click here to download our new eBook, Worst Passwords: What We Have Learned From Five Years of Studying the Internet's Most Commonly Used Passwords




Get started for FREE

facebook social icon
twitter social icon
linkedin social icon
Enhance your password security

The best software to generate and have your passwords managed correctly.

TeamPassword Screenshot
Recommended Articles
Google Chrome logo with a cancel symbol on top


June 1, 20235 min read

How to Disable Google Chrome's Password Manager in 3 Steps

Security Concerns: While browser password managers offer convenience by storing and autofilling passwords, they can also be a ...

A person's finger in the foreground clicking a "login" button that is part of a login screen including username and password with a blurred background that looks like a hardware store.

Password Management

June 1, 20238 min read

The Best Ways to Store Passwords Online and Offline (2023)

Here are the best ways to store a password online or offline, to both protect your accounts and ...

The word "passphrase" spelled out on dice on a piece of paper that has many words written down in different colors and that looks like code.

Password Management

May 30, 20238 min read

What is a passphrase and should you use one?

Passphrases are the newest way to create passwords. They are often considered more secure and easier to remember ...

The Password Manager for Teams

TeamPassword is the fastest, easiest and most secure way to store and share team logins and passwords.