"Dragon" among the 25 worst passwords of 2019

Last updated on December 10th, 2021

Password manager creator SplashData has released its list of the top 25 worst passwords of 2019, based on information gathered from data breaches.

Often, a new password based on some cultural trend makes the list. In 2014, it was Batman and Superman (per the movie “Batman V Superman”); in 2015 it was “Star Wars”; and in 2018, it was “Donald.” This year, apparently it’s “Game of Thrones” (and/or “How to Train Your Dragon”), as “dragon” made the top 25 list.

The 25 worst passwords of 2019

Here’s the 25 worst passwords of the year:

123456
123456789
qwerty
password
1234567
12345678
12345
iloveyou
111111
123123
abc123
qwerty123
1q2w3e4r
admin
qwertyuiop
654321
555555
lovely
7777777
welcome
888888
princess
dragon
password1
123qwe

The usual password advice

Laptop with security lock — Photo by TheDigitalWay (Pixabay / CC0)

Here’s my usual password advice:

Use a password manager, such as KeePass, 1Password, and LastPass (I use the latter). Password managers can create and store strong unique passwords for each site.
Avoid using popular or famous phrases, religious quotes, catchphrases, etc. as passwords or passphrases. As tempting as “YouShouldHavePutARingOnIt,” “AvengersAssemble,” or “MayTheForceBeWithYou” might be as passwords, avoid using such.
Don’t use Facebook (or another social network) as a login for sites. As tempting as it is to use Facebook to log into other sites, at this point I recommend against such. Just create a new password for the site in question. Besides, Facebook has its own problems.
Don’t reuse passwords on more than one account. The use of passwords on multiple sites can make security breaches even more dangerous for users.
Use two factor authentication if possible. Two factor (or two step) authentication helps beef up security on sites, by requiring an additional step (and separate piece of information) to log in. Google Authenticator and Authy are two popular apps to use with this.