X

The worst passwords of 2018 are just as dumb as you'd expect

"Password" will never be a good password. Period.

Abrar Al-Heeti Technology Reporter
Abrar Al-Heeti is a technology reporter for CNET, with an interest in phones, streaming, internet trends, entertainment, pop culture and digital accessibility. She's also worked for CNET's video, culture and news teams. She graduated with bachelor's and master's degrees in journalism from the University of Illinois at Urbana-Champaign. Though Illinois is home, she now loves San Francisco -- steep inclines and all.
Expertise Abrar has spent her career at CNET analyzing tech trends while also writing news, reviews and commentaries across mobile, streaming and online culture. Credentials
  • Named a Tech Media Trailblazer by the Consumer Technology Association in 2019, a winner of SPJ NorCal's Excellence in Journalism Awards in 2022 and has three times been a finalist in the LA Press Club's National Arts & Entertainment Journalism Awards.
Abrar Al-Heeti
2 min read
Password entry
Getty Images

It doesn't look like we're getting any smarter about our passwords. 

On Thursday, software company SplashData released its annual list of the Top 100 worst passwords, and it includes some pretty obvious blunders. Coming in at No. 1 is, you guessed it, "123456," and in second place is, yup, "password." This is the fifth year in a row these passwords have held the top two spots. 

Newcomers to the list include "666666" (No. 14), "princess" (No. 11) and "donald" (No. 23).

"Sorry, Mr. President, but this is not fake news -- using your name or any common name as a password is a dangerous decision," SplashData CEO Morgan Slain said in a release. "Hackers have great success using celebrity names, terms from pop culture and sports, and simple keyboard patterns to break into accounts online, because they know so many people are using those easy-to-remember combinations."

To compile its list, SplashData evaluated more than 5 million leaked passwords, mostly from users in North America and Western Europe. The company estimates that about 10 percent of people have used at least one of the Top 25 worst passwords, and about 3 percent have used "123456."

"It's a real head-scratcher that with all the risks known, and with so many highly publicized hacks, such as Marriott and the National Republican Congressional Committee, that people continue putting themselves at such risk year after year," Slain said.

Celebrities and government officials aren't immune to choosing terrible passwords, a Wednesday report from Dashlane made plain. The top offender on that list was Kanye West, who revealed at an October meeting with President Donald Trump that his iPhone passcode is "000000."

Here are the 25 worst passwords of 2018, according to SplashData:

1) 123456
2) password
3) 123456789
4) 12345678
5) 12345
6) 111111
7) 1234567
8) sunshine
9) qwerty
10) iloveyou
11) princess
12) admin
13) welcome
14) 666666
15) abc123
16) football
17) 123123
18) monkey
19) 654321
20) !@#$%^&*
21) charlie
22) aa123456
23) donald
24) password1
25) qwerty123

CNET's Holiday Gift Guide: The place to find the best tech gifts for 2018.

Security:  Stay up-to-date on the latest in breaches, hacks, fixes and all those cybersecurity issues that keep you up at night.