‘696969’ and 24 more of the dumbest passwords of 2014

Dear everyone: Your password game is weak.

SplashData’s annual “worst passwords people are still somehow still using” list has come out. They have done this for several years now, and it’s appalling how foolishly bad the most common passwords still are. One of the new ones on this year’s list was 696969, which proves crude references do not make good passwords. Another terrible password is “trustno1” which proves irony isn’t dead.

Yes, it’s true that for the most part passwords are just an annoying hurdle to clear before we can log in to social networks, e-mail, a favourite pay-meter newspaper, a bank account, or a million other single sign-in sites. Even though we know all about the big-time privacy breaches that happen seemingly every other day, we think hacking “can’t happen to me.”

Terrible passwords make it super easy for it to happen to you.

There are many reasons why a hacker or even just a moderately deviant jerk with a computer might decide to try and crack into your systems: maybe you annoyed one of them on social media, maybe you appear to have some money, maybe you know famous people and they are looking for photos? The most basic hacking technique is to try a number of common passwords: 123456, or Password or “qwerty”… things that aren’t so much passwords as invitations to break in.

Don’t use any of those. In fact, don’t use any of the top 25 most common (and worst) passwords listed below. How does it know what the most common passwords are? “SplashData’s top 25 list was compiled from files containing millions of stolen passwords posted online during the previous year.” So don’t be one of those people who’s password gets stolen because it’s laughably easy.

The most terrible passwords of 2014

1. 123456

2. password

3. 12345

4. 12345678

5. qwerty

6. 123456789

7. 1234

8. baseball

9. dragon

10. football

11. 1234567

12. monkey 1

13. letmein

14. abc123

15. 111111

16. mustang

17. access

18. shadow

19. master

20. michael

21. superman

22. 696969

23. 123123

24. batman

25. trustno1

As a postscript, most security experts agree that even long strings of numbers and characters can be broken by some of the sophisticated cracking tools out there given enough time. When 1l2jfdpa1954!923* can be guessed by software, what’s the point of even having a password? Really, . And if you find those strong passwords daunting, there are password managing and generating tools like 1Password, PasswordSafe and LastPass that can help keep you safer. And as you might have guessed, SplashData also makes password managing software.

There’s also some signs of hope: “The bad news from my research is that this year’s most commonly used passwords are pretty consistent with prior years,” online security expert Mark Burnett said in the company’s release. “The good news is that it appears that more people are moving away from using these passwords. In 2014, the top 25 passwords represented about 2.2 per cent of passwords exposed. While still frightening, that’s the lowest percentage of people using the most common passwords I have seen in recent studies.”

Courtesy: The Globe And Mail


  • in Montreal

    KEW Note that these ‘easy’ passwords weren’t found because they’re easy, but because a whole vault was broken into.

    So many places need passwords, when there is NOTHING in there I want to protect, and/or nothing that would be useful to anybody but me. So there I put the easy, stupid password, the one I’ve been using for 10 years and use the same everywhere. Saves my already limited brain power from having to remember yet another item, and saves me having to go root around in my phone to find what the damned password was.

    Where there’s actually info I need to protect, then I use a ‘decent’ password, not unbreakable, but enough to slow somebody down, send them to another account.

  • Trawnaman

    Line 4: ” the new one’s “. Apostrophes can be tricky – that’s why most “world class” newspapers have editors, fact-checkers and proof-readers.

  • Lucky Eddie

    “The bad news from my research is that this year’s most commonly used passwords are pretty consistent with prior years”

    No, that’s the good news. It means that the bad guys have lots of easy victims and thus have little incentive to go after those of us who have taken this more seriously. Sort of a Darwin effect of the internet world.

  • Vincent Clement

    While I agree that users shouldn’t use weak passwords, some of the fault must lie with web sites that allow these passwords to be used. Any web site that allows “password” (or any password on these lists or deemed to be weak) to be used as a password needs to be outed and it’s security questioned.

  • Tim Cares

    It really depends on what the password is for. Does anyone care if their password to this comments section is strong or weak?

  • abate2

    “When 1l2jfdpa1954!92­3* can be guessed by software, what’s the point of even having a password?”
    Huh? According to https://howecur­eismypassword.n­et/
    It would take a desktop PC about 846 billion years to crack that password. I would say that was a pretty good password!

  • Fallen Libertarian

    And don’t keep a list of your passwords saved on your computer. That’s irresponsible. You need to commit 100 variations of as98&(($&ry$%34­wq78ft0a8 to memory

  • JLR

    collecting a bunch of passwords and analyzing their frequency doesn’t mean much. It depends what these passowrds are attached to. Who cares if my password to post on the G&M is let me in or 12345 for ease . What matters is if’s attached to my bank account and tranfers can be done by entering.
    This article is meaningless without this data.

  • kramnot

    Luckily they did not guess my password 654321

Leave a Reply

Your email address will not be published. Required fields are marked *