Is your password “123456”? Or “password”? Or the masterfully-concealed “passw0rd”? If so, you should change it.
Using more than 2 million leaked passwords from 2015, password management company SplashData has compiled its fifth annual "Worst Passwords List".
The line-up features some clangers, like the classic “123456” (ranked 1st) and “qwerty” (4th), while the more nuanced laziness of “1qaz2wsx” places it at number 15. The latter is a diagonal line of keystrokes from “1” to “z”, then again from “2” to “x”.
Some less obvious candidates also appear, including “dragon”, “monkey” and “letmein”.
The publication of the list is “an effort to encourage the adoption of stronger passwords to improve internet security,” according to the company.
A number of new, longer passwords made their first appearance on the 2015 list: “. . . some new and longer passwords made their debut - perhaps showing an effort by both websites and web users to be more secure,” said SplashData.
“However, the longer passwords are so simple as to make their extra length virtually worthless as a security measure,” it added.
The passwords reviewed for the list were mainly from North America and western European countries.
Below is the full Worst Passwords List, along with each password’s position in 2014.
1 - 123456 (unchanged)
2 - password (unchanged)
3 - 12345678 (up 1 place)
4 - qwerty (up 1 place)
5 - 12345 (down 2 places)
6 - 123456789 (unchanged)
7 - football (up 3 places)
8 - 1234 (down 1 place)
9 - 1234567 (up 2 places)
10 - baseball (down 2 places)
11 - welcome (new)
12 - 1234567890 (new)
13 - abc123 (up 1 place)
14 - 111111 (up 1 place)
15 - 1qaz2wsx (new)
16 - dragon (down 7 places)
17 - master (up 2 places)
18 - monkey (down 6 places)
19 - letmein (down 6 places)
20 - login (new)
21 - princess (new)
22 - qwertyuiop (new)
23 - solo (new)
24 - passw0rd (new)
25 - starwars (new)