Updated on December 10, 2021
Password management firm SplashData has published its annual list of the year’s worst passwords. According to Lifehacker, the passwords are based on 5 million leaked passwords, with SplashData concluding the 25 worst passwords are used by 10% of computer users.
This year’s list has several new entries, including “sunshine,” “!@#$%^&*,” and “Donald.” I’ll imagine that final addition to the list is neither a coincidence (given current events) nor a reference to Duckburg’s most famous resident.
The worst passwords of 2018
Here’s the list of the 25 worst passwords of 2018:
In previous years, I would’ve also suggested using a social network like Facebook or Google+ as a sign-in option for other websites. However, I don’t recommend this anymore. Google+ is getting shut down, and Facebook has multiple issues with data privacy and security.I’d advise using a password manager to create strong passwords, as well as store them. I like LastPass, though other popular choices include 1Password and KeePass.
Whether passphrases or passwords, some other advice includes:
- Making passwords or passphrases sufficiently long.
- Don’t make your password or passphrase a famous quotation, religious scripture, saying, etc. So no “JusticeLeague,” “CaptainKirk,” or “hollyjollychristmas.” (Yes, I wrote this at the holidays, for anyone stumbling upon this past past December.)
- A passphrase should be easy to remember.
- Don’t reuse passwords or passphrases on more than one account. If an account has a security breach and passwords are stolen, other accounts won’t be compromised through password reuse.