The world's most popular passwords

Publish Date
Thursday, 19 January 2017, 8:21AM
Photo / Getty Images

Photo / Getty Images

From Netflix to KFC, a huge number of firms were hacked in 2016, leaving users' accounts vulnerable.

But despite being regularly reminded not to use common passwords, which hackers can easily guess, it seems many aren't taking the warnings seriously.

A new list has revealed the most common passwords in 2016, and shows that a shocking 17 per cent of people have been safeguarding their accounts with '123456.'

Keeper, a password management firm based in Chicago, looked at 10 million passwords that became public through data breaches last year.

Four of the top 10 passwords on the list are six characters or shorter, meaning cracking software and hardware can easily unscramble them in just a few seconds.

And it seems that people are big fans of using obvious number sequences as their passwords, with 123456, 1234567, 12345678, 123456789 and 1234567890 all in the top seven.

Passwords like 1q2w3e4r and 123qwe indicate that some users are attempting to use unpredictable patterns to secure their passwords.

But Keeper says: 'Their efforts are weak at best.

'Dictionary-based password crackers know to look for sequential key variations. At best, it sets them back only a few seconds.'

Some of the passwords in the top list are surprising, and appear to be random, such as 18atcskd2w and 3rjs1la7qe.

But Graham Cluley, a security expert at the State of Security, believes that these passwords indicate that bots regularly use these codes when they set up fake accounts on public email services for spam or phishing attacks.

Keeper added: 'Email providers could do everyone a favour by flagging this kind of repetition and reporting the guilty parties.'

Last year, a study at the University of Lancaster looked at why many people continue to use obvious passwords on their accounts.

Dr Jeff Yan, co-author of a paper on password guessing, said: 'Why do [some] use such obvious passwords? A main reason I think is that they're either unaware of or don't understand the risks of online security.'

He added: 'Just like everybody knows what one should do when red lights are on in the road, eventually everybody will know 123456 or the like is not a good password choice.'

The researchers from Lancaster, as well as Peking and Fujian Normal universities in China, created algorithms to guess passwords based on attackers having access to different personal information.

They guessed passwords for more than 73 per cent of ordinary users' accounts.

And even for those who were more security-savvy, a third of passwords were cracked in 100 guesses.


Avoid favourite sports. 'Baseball' and 'football' were often in the top 10 worst password list.

Birthdays and years of birth are easy to guess with the help of personal information.

Common names such as Michael and Jennifer are insecure, with many making SplashData's Top 50 list, too.

Experts suggest using eight mixed types of characters, with seemingly random combinations if possible.

They say that passphrases - short words with spaces or other characters separating them - are easy to recall and are relatively secure if seemingly random words are used.

Experts also advise having different passwords for different sites, instead of relying on one, which if hacked, could prove particularly serious.


1. 123456
2. 123456789
3. qwerty
4. 12345678
5. 111111
6. 1234567890
7. 1234567
8. password
9. 123123
10. 987654321
11. qwertyuiop
12. mynoob
13. 123321
14. 666666
15. 18atcskd2w
16. 7777777
17. 1q2w3e4r
18. 654321
19. 555555
20. 3rjs1la7qe
21. google
22. 1q2w3e4r5t
23. 123qwe
24. zxcvbnm
25. 1q2w3

- Daily Mail