The 25 Worst Passwords on the Internet

Getty Images

If you’re trying to protect your email or your bank account online, the dumbest password you can use is … “password.” This is according to SplashData, a California software firm that happens, among other things, to sell an app that helps you manage your passwords.

The list is one of those things that’s fun to poke through, but security people remind us that we’re more vulnerable online than we like to think, and sometimes we make it easy for the bad guys. Take a look, and if you use one of these, SplashData says it’s probably a good idea to change it.

1. password 2. 123456 3.12345678 4. qwerty 5. abc123 6. monkey 7. 1234567 8. letmein 9. trustno1 10. dragon 11. baseball 12. 111111 13. iloveyou 14. master 15. sunshine 16. ashley 17. bailey 18. passwOrd (The “O” is a zero here) 19. shadow 20. 123123 21. 654321 22. superman 23. qazwsx 24. michael 25. football

We’ve seen things like this before; back in June, a New York app developer named Daniel Amitay found that of the 10,000 possible numeric pass codes on the iPhone, there were just 10 that represented 15 percent of all the codes he found to be in use. Like the list above, it was predictable: 1234 was the runaway leader, followed by 0000, 2580 (the center column on any phone keypad), 1111, 5555 and so forth.

SplashData offers basic advice: Don’t be so predictable.

–Mix up the characters in a password — use letters, numbers and special characters.

–Longer passwords are better passwords. Try eight characters or more, perhaps two words separated by an underscore or a space.

–Don’t use one password for everything. If someone hacks your Facebook account, your bank account may be next.

To remember them all, they say, an online password manager may be useful. Or you may prefer a scrap of paper in your wallet.



(Update: Note added to No. 18. The “O” in “passwOrd” there is actually a zero, but apparently didn’t show up that way in many browsers.)