'Password' Tops the List of Common Passwords

Nov. 28, 2011
Despite Efforts to Make Networks More Secure, the Most Common Passwords Are Still Easy-to-Hack Entries Like 'Password' and '123456'

As we have reported in the past, the first step in protecting your network is relatively simple diligence. A surprising number of people, however, don’t take the basic steps to come up with a safe password, relying instead on something like “password” to safeguard their information.

In fact, “password” was the most common password used on the Internet this year, according to SplashData, which provides password management applications. The clever people who replaced the “o” with a zero to make it “passw0rd” still made the list of the 25 most common passwords for 2011.

Other common passwords include simple numerical choices like “123456” and “111111,” common names like “ashley” and “michael,” and patterns based on the layout of the keyboard like “qwerty” and “qazwsx.” With an increasing number of sites requiring more complex passwords, some letter and number combinations like “abc123” and “trustno1” are being used more often.

In an effort to encourage adoption of stronger passwords, SplashData released its “25 Worst Passwords of the Year” list for 2011, which was compiled from files containing millions of stolen passwords posted online by hackers.

1. password

10. dragon

19. shadow

2. 123456

11. baseball

20. 123123

3. 12345678

12. 111111

21. 654321

4. qwerty

13. iloveyou

22. superman

5. abc123

14. master

23. qazwsx

6. monkey

15. sunshine

24. michael

7. 1234567

16. ashley

25. football

8. letmein

17. bailey


9. trustno1

18. passw0rd


If you’re using any of the passwords on this list, change your passwords immediately, advised Morgan Slain, CEO of SplashData. “Hackers can easily break into many accounts just by repeatedly trying common passwords,” he said. “Even though people are encouraged to select secure, strong passwords, many people continue to choose weak, easy-to-guess ones, placing themselves at risk from fraud and identity theft.”

Even though thieves have more sophisticated hacking tools at their disposal today than ever before, they still tend to prefer easy targets, Slain said. “Just a little bit more sophistication in choosing passwords will go a long way toward making you safer online.”

SplashData suggests making passwords more secure with these tips:

  • Use passwords of eight characters or more with mixed types of characters. One way to create longer, more secure passwords that are easy to remember is to use short words with spaces or other characters separating them, such as “eat cake at 8!” or “car_park_city?”
  • Avoid using the same username/password combination for multiple websites. Especially risky is using the same password for entertainment sites that you do for online email, social networking, and financial services. Use different passwords for each new website or service you sign up for.
  • Having trouble remembering all those different passwords? Try using a password manager application that organizes and protects passwords and can automatically log you into websites.