“Donald” among the 25 worst passwords of 2018

Password management firm SplashData has published its annual list of the year’s worst passwords. According to Lifehacker, the list is based on 5 million leaked passwords, and SplashData concludes that the 25 worst passwords are used by 10% of computer users.

This year’s list has several new entries, including “sunshine”, “!@#$%^&*”, and “Donald”. I’d imagine that final addition to the list is neither a coincidence (given current events) nor a reference to Duckburg’s most famous resident.

The worst passwords of 2018

Here’s the list of the 25 worst passwords of 2018:

  1. 123456
  2. password
  3. 123456789
  4. 12345678
  5. 12345
  6. 111111
  7. 1234567
  8. sunshine
  9. qwerty
  10. iloveyou
  11. princess
  12. admin
  13. welcome
  14. 666666
  15. abc123
  16. football
  17. 123123
  18. monkey
  19. 654321
  20. !@#$%^&*
  21. charlie
  22. aa123456
  23. donald
  24. password1
  25. qwerty123

The passwords above are, of course, awful, and shouldn’t be used by anyone. See also the awful “Star Wars” themed passwords from 2015, and the Batman/Superman ones from 2014.

Password advice

Password screen
Photo by Marc Falardeau (Flickr / CC BY)

I’d advise using a password manager to create strong passwords, as well as store them. I like LastPass, though other popular choices include 1Password and KeePass.

In previous years, I would’ve also suggested using a social network like Facebook or Google+ as a sign-in option for other websites. However, I don’t recommend this anymore. Google+ is getting shut down, and Facebook has multiple issues with data privacy and security.

NIST and some others (including webcomic xkcd) suggest using passphrases instead of passwords. Passphrases are longer than passwords, and thus offer a bit more security.

Whether passphrases or passwords, some other advice includes:

  • Make passwords or passphrases sufficiently long.
  • Don’t make your password or passphrase a famous quotation, religious scripture, saying, etc. So no “JusticeLeague,” “CaptainKirk,” or “hollyjollychristmas.” (Yes, I wrote this at the holidays, for anyone stumbling upon this past December.)
  • A passphrase should be easy to remember.
  • Don’t reuse passwords or passphrases on more than one account. That way, if one account has a security breach and its passwords are stolen, your other accounts won’t be compromised through password reuse.
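
The advice above, written as a check that a sign-up form or password manager could run on a new password. This is an added example, not code from the original post; the function name, the 12-character minimum and the rule that strips trailing digits and symbols are assumptions chosen for illustration.

```python
import string

# The 25 entries from SplashData's 2018 list, as printed on this page.
WORST_2018 = frozenset("""
123456 password 123456789 12345678 12345 111111 1234567 sunshine qwerty
iloveyou princess admin welcome 666666 abc123 football 123123 monkey
654321 !@#$%^&* charlie aa123456 donald password1 qwerty123
""".split())

MIN_LENGTH = 12  # assumption: the page only says "sufficiently long"

ON_LIST = "on the 2018 worst-passwords list"
VARIANT = "a worst-list password with digits or symbols appended"
TOO_SHORT = "shorter than %d characters" % MIN_LENGTH
REUSED = "already used on another account"


def screen_password(candidate, in_use=()):
    """Return the reasons to reject `candidate`; an empty list means accept.

    `in_use` holds the passwords the user already has on other accounts,
    for example the entries a password manager stores locally.
    """
    problems = []
    # Compare case-insensitively: "Donald" and "donald" are the same guess.
    folded = candidate.casefold()
    # "Donald2018!!" is just "donald" with decoration, so drop the trailing
    # digits and punctuation and look the remaining stem up as well.
    stem = folded.rstrip(string.digits + string.punctuation)
    if folded in WORST_2018:
        problems.append(ON_LIST)
    elif stem and stem in WORST_2018:
        problems.append(VARIANT)
    if len(candidate) < MIN_LENGTH:
        problems.append(TOO_SHORT)
    if candidate in in_use:
        problems.append(REUSED)
    return problems


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    vault = ["maple-anchor-violin-dusk"]
    for pw in ["Donald", "Donald2018!!", "maple-anchor-violin-dusk",
               "copper-lantern-orbit-fern"]:
        print(repr(pw), "->", screen_password(pw, vault) or "ok")
```

Length alone is not enough: “Donald2018!!” meets the 12-character minimum and is still rejected because its stem is on the list.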
