And the worst passwords of 2013 are…

Seriously, stop using the word ‘password’ as your password


Seriously, 123456 is not a good computer password. Neither is the word “password” very useful as a password.

In fact, the two above-mentioned passwords were rated the worst passwords of 2013, according to the password management company SplashData, which released its annual list of the top 25 worst passwords of 2013 this week.

To rate the bad passwords, SplashData used files that were posted online containing hacked passwords from the last year.

Notably this year, password was no longer the worst password. It was knocked into the No. 2 spot by 123456, which is currently the worst password. Passwords featuring variations on the words “adobe” and “photoshop” also made an appearance on the list this year, due to Adobe’s giant password breach in October where millions of accounts were hacked.

The full list:

1. 123456

2. password

3. 12345678

4. qwerty

5. abc123

6. 123456789

7. 111111

8. 1234567

9. iloveyou

10. adobe123

11. 123123

12. admin

13. 1234567890

14. letmein

15. photoshop

16. 1234

17. monkey

18. shadow

19. sunshine

20. 12345

21. password1

22. princess

23. azerty

24. trustno1

25. 000000

And here’s a little tip from SplashData, which probably goes without saying: “The company advises consumers or businesses using any of the passwords on the list to change them immediately.”

Remember, when it comes to online safety trustno1.

Filed under:

And the worst passwords of 2013 are…

  1. but i use them ironically

  2. We had one IT guy who used “ping” & “pong,” depending on if it was an even or odd month. So much for security.

    • Other common ones are April1, January1 … which is real stupid to pattern passwords.

  3. Password is not “Taco”.

  4. Fairly similar almost every year.

  5. I worked at one place that had implemented a security policy that (for a while) required a monthly password change that was substantially different from the last. No changing the last digit. This was really annoying.

    Once, after several failed attempts to create a new password, I entered F**KOFF and it was accepted. I wrote it on a sticky note and stuck it on my monitor figuring nobody would know the better.

  6. Other bad passwords include default passwords. A simple Google search on routers and applications can reveal default passwords.

    Also, never use the same passwords between two or more unrelated uses. For example, my banking password is totally unrelated to my Discus password I use here. So if one is hacked, the other is safer.

    • wouldn’t want your discus hacked…

  7. Mine is always “(current girlfriend)ishot”

  8. I can’t count how many websites require an account now that, frankly, I just don’t care enough about. I want to use the service, but I will lose no sleep should some bored 12 year ‘hack’ into it. How often do I use my real name & information? Not often.

    I use ridiculous & easy passwords many times because they’re easy to remember. It’s all well and good to say we need to have intricate, differentiated passwords for all our online accounts, but at some point that just becomes unrealistic.

    Banking? Yeah, beef it up. Most other stuff? I’ll pick from the list of worst — because the only reason I’m including a password is because they’re making me.