Ben Squires


Thu, 21 Jan, 2016

25 worst online passwords used in 2015

25 worst online passwords used in 2015

Every year, SplashData releases a list of the most popular passwords discovered in data breaches released online over the past 12 months.

And this year, "123456" and "password" topped this list.

Just like last year. And the year before that.

Other popular choices this year were sports, like "football" and "baseball".

And "starwars," a newcomer to the list, ranked as the 25th most popular breached password, probably thanks to excitement over the release of the newest movie in the franchise.

Passwords are the banes of our increasingly online lives: Nearly everything we sign up for needs a password, and creating a secure one can be a pain.

Even when we come up with a good one, we always need more because reusing passwords can leave us exposed if a service we use gets breached.

To try to stay secure we are left relying on password management tools that sometimes get breached themselves, or juggling an almost ridiculous rotation of hard-to-remember passwords, or using a random string of characters we expect to reset the next time we log in.

Unless, that is, they just give up and use comically easy-to-guess passwords.

This password paradox is why tech companies like Google, Apple and Yahoo are trying to find ways to replace passwords.

Apple, for instance, includes fingerprint scanners in its new iPhones. And Google and Yahoo have been experimenting with ways that let people use their mobile phone to prove their identity without a password.

Unfortunately, these alternatives can come with their own drawbacks: You leave your fingerprints on pretty much everything you touch, and some researchers have even found way to fake fingerprints from high definition photos. And using just your mobile phone may leave you at risk if you lose it.

For now, at least, consumers are probably best off trying trying to remember strong, unique passwords for important services and turning on two-factor authentication, a system where they have to go through another step to confirm their identity when they log in - usually entering a code that's texted to their phone.

The full list of the 25 worst (and most common) passwords of 2015:

1. 123456

2. password

3. 12345678

4. qwerty

5. 12345

6. 123456789

7. football

8. 1234

9. 1234567

10. baseball

11. welcome

12. 1234567890

13. abc123

14. 111111

15. 1qaz2wsx

16. dragon

17. master

18. monkey

19. letmein

20. login

21. princess

22. qwertyuiop

23. solo

24. passw0rd

25. starwars

First appeared on

Related links:

Can you find the panda hidden in this picture?

“Mummified" abandoned baby orangutan rescued and on the road to recovery

5 planets set to align in rare celestial display

Our Partners