Top 25 worst-of-the-worst, most common passwords used in 2016

Here are the top 25 worst passwords, according to two different firms.

25 worst most common passwords in 2016

For the sixth year, SplashData has released its list of worst passwords.

According to SplashData, the list is based on over 5 million leaked passwords used by users in North America and Western Europe that were posted for sale online.

I thought it might be interesting to compare SplashData’s newest list with the top 25 most common password list released last week by rival firm Keeper Security. According to the two companies, these were the top 25 worst passwords people used in 2016:


SplashData’s list of worst passwords in 2016

Keeper’s list of worst passwords in 2016



1.       123456 

1.       123456         


2.       password

2.       123456789


3.       12345

3.       qwerty


4.       12345678

4.       12345678


5.       football

5.       111111         


6.       qwerty

6.       1234567890


7.       1234567890

7.       1234567


8.       1234567

8.       password


9.       princess

9.       123123


10.   1234

10.   987654321


11.   login

11.   qwertyuiop


12.   welcome

12.   mynoob


13.   solo       

13.   123321         


14.   abc123

14.   666666


15.   admin

15.   18atcskd2w


16.   121212

16.   7777777


17.   flower

17.   1q2w3e4r


18.   passw0rd

18.   654321


19.   dragon

19.   555555


20.   sunshine

20.   3rjs1la7qe


21.   master

21.   google


22.   hottie

22.   1q2w3e4r5t


23.   loveme

23.   123qwe       


24.   zaq1zaq1

24.   zxcvbnm


25.   password1

25.   1q2w3e


While there are a few of the same passwords on both lists—123456, password, 12345678, 1234567890, 1234567—this gives you an overview of what two different companies claim are the most common passwords being used.

If your passwords are on either list, then congratulations, you are using one of the worst, most insecure passwords in the world. In fact, you are practically begging, “Hack me.” If that’s really what you want, you will probably get your wish if you keeping using the same pathetic passwords. Seriously, try a password manager, as there are many different choices and price options, including freebies.

SplashData noted, “Just over 10% of people use at least one of the 25 worst passwords on this year’s list, with nearly 4% of people using the worst password, 123456.”

While the list again contains Star Wars-themed passwords, “hottie”, “loveme”, and “flower” are newcomers to the list. As for “zaq1zaq1” – it’s a keyboard pattern, “from the left column on standard keyboards – demonstrating again the importance of avoiding simple patterns.”

Password has three variations on this year’s list. SplashData CEO Morgan Slain said, “Making minor modifications to an easily guessable password does not make it secure, and hackers will take advantage of these tendencies. Our hope is that by researching and putting out this list each year, people will realize how risky it is to use these common logins, and they will take steps to strengthen their passwords and use different passwords for different websites.”

Copyright © 2017 IDG Communications, Inc.

Make your voice heard. Share your experience in CSO's Security Priorities Study.