So, you think your passw0rd is secure? Think again

Annual ‘Worst Passwords List’ uses leaks to showcases 25 most hackable logins

‘123456’, ‘welcome’, and ‘dragon’ are some of the passwords featured on SplashData’s Worst Passwords List. Photograph: Getty Images
‘123456’, ‘welcome’, and ‘dragon’ are some of the passwords featured on SplashData’s Worst Passwords List. Photograph: Getty Images

Is your password “123456”? Or “password”? Or the masterfully-concealed “passw0rd”? If so, you should change it.

Using more than 2 million leaked passwords from 2015, password management company SplashData has compiled its fifth annual "Worst Passwords List".

The line-up features some clangers, like the classic “123456” (ranked 1st) and “qwerty” (4th), while the more nuanced laziness of “1qaz2wsx” places it at number 15. The latter is a diagonal line of keystrokes from “1” to “z”, then again from “2” to “x”.

Some less obvious candidates also appear, including “dragon”, “monkey” and “letmein”.

READ SOME MORE

The publication of the list is “an effort to encourage the adoption of stronger passwords to improve internet security,” according to the company.

A number of new, longer passwords made their first appearance on the 2015 list: “. . . some new and longer passwords made their debut - perhaps showing an effort by both websites and web users to be more secure,” said SplashData.

“However, the longer passwords are so simple as to make their extra length virtually worthless as a security measure,” it added.

The passwords reviewed for the list were mainly from North America and western European countries.

Below is the full Worst Passwords List, along with each password’s position in 2014.

1 - 123456 (unchanged)

2 - password (unchanged)

3 - 12345678 (up 1 place)

4 - qwerty (up 1 place)

5 - 12345 (down 2 places)

6 - 123456789 (unchanged)

7 - football (up 3 places)

8 - 1234 (down 1 place)

9 - 1234567 (up 2 places)

10 - baseball (down 2 places)

11 - welcome (new)

12 - 1234567890 (new)

13 - abc123 (up 1 place)

14 - 111111 (up 1 place)

15 - 1qaz2wsx (new)

16 - dragon (down 7 places)

17 - master (up 2 places)

18 - monkey (down 6 places)

19 - letmein (down 6 places)

20 - login (new)

21 - princess (new)

22 - qwertyuiop (new)

23 - solo (new)

24 - passw0rd (new)

25 - starwars (new)

Dean Ruxton

Dean Ruxton

Dean Ruxton is an Audience Editor at The Irish Times. He also writes the Lost Leads archive series