Top 50 Worst Passwords of 2019

While the president has been embroiled in the impeachment process and is on many people’s naughty lists this holiday season, one list he no longer will find his name is on SplashData and TeamsID's annual list of Worst Passwords. In the company’s ninth annual installment of the Worst Passwords of the Year list, “donald” is not among the top 25 most dangerous and most commonly leaked passwords by hackers. In other news, “password” has for the first time in the list’s history been knocked out of the top two spots.

While making his 2018 debut on the annual list, compiled by SplashData after evaluating more than 5 million passwords leaked on the Internet, “donald” was nowhere to be found on the 2019 list.

“Invoking the name of the president or any other celebrity as your password is a dangerous decision, one that hackers will exploit and put you at substantial risk of having your identity stolen,” said Morgan Slain, CEO of SplashData, Inc., a developer of password security solutions for personal and business protection.

Presenting our “Worst Passwords of 2019”:

1 - 123456 (rank unchanged from 2018)

2 - 123456789 (up 1)

3 - qwerty (Up 6)

4 - password (Down 2)

5 - 1234567 (Up 2)

6 - 12345678 (Down 2)

7 - 12345 (Down 2)

8 - iloveyou (Up 2)

9 - 111111 (Down 3)

10 - 123123 (Up 7)

11 - abc123 (Up 4)

12 - qwerty123 (Up 13)

13 - 1q2w3e4r (New)

14 - admin (Down 2)

15 - qwertyuiop (New)

16 - 654321 (Up 3)

17 - 555555 (New)

18 - lovely (New)

19 - 7777777 (New)

20 - welcome (Down 7)

21 - 888888 (New)

22 - princess (Down 11)

23 - dragon (New)

24 - password1 (Unchanged)

25 - 123qwe (New)

26 - 666666

27 - 1qaz2wsx

28 - 333333

29 - michael

30 - sunshine

31 - liverpool

32 - 777777

33 - 1q2w3e4r5t

34 - donald

35 - freedom

36 - football

37 - charlie

38 - letmein

39 - !@#$%^&*

40 - secret

41 - aa123456

42 - 987654321

43 - zxcvbnm

44 - passw0rd

45 - bailey

46 - nothing

47 - shadow

48 - 121212

49 - biteme

50 - ginger

While the company is encouraged that “password” -- among the worst of all bad passwords -- has finally been dethroned, SplashData still finds that computer users continue using the same predictable, easily guessable words and alphanumeric patterns as their passwords. While many computer programs now prevent these passwords from being created in the first place, older applications and some websites still enable people to use dangerously weak passwords.

Among the new entries this year are “1q2w3e4r” and “qwertyuiop” - simple patterns using contiguous keys on the keyboard. Using such letter/number combinations may seem to be complex but will not fool hackers who know millions of people use them.

Each year, SplashData evaluates millions of leaked passwords to determine which passwords were most used by computer users during that year. Common passwords that continually appear on the Worst Passwords list, beyond “password” and “123456”, include “princess”, “qwerty”, “iloveyou” and “welcome.”

“Our hope by publishing this list each year is to convince people to take steps to protect themselves online, and we think these and other efforts are finally starting to pay off,” says Slain. “We can tell that over the years people have begun moving toward more complex passwords, though they are still not going far enough as hackers can figure out simple alphanumeric patterns.”

SplashData estimates almost 10% of people have used at least one of the 25 worst passwords on this year’s list, and nearly 3% of people have used the worst password, 123456.

The over five million leaked passwords evaluated for the 2019 list were mostly held by users in North America and Western Europe. Passwords leaked from hacks of adult websites were not included in this report.

Here are three simple tips to be safer from hackers online:

  1. Use passphrases of twelve characters or more with mixed types of characters.
  2. Use a different password for each of your logins. That way, if a hacker gets access to one of your passwords, they will not be able to use it to access other sites.
  3. Protect your assets and personal identity by using a password manager to organize passwords, generate secure random passwords, and automatically log into websites.