Tech Made Simple

Hot Topics: CES 2020 | Browse the Web Anonymously | Complete Guide to Facebook Privacy | How to Block Spam Calls

Top News Stories

author photo

These are the Worst Passwords of 2019

by on December 18, 2019
in Computer Safety & Support, News, Computers and Software, Blog, Privacy :: 0 comments

Techlicious editors independently review products. To help support our mission, we may earn affiliate commissions from links contained on this page.

As the year comes to a close, a lot of us are thinking back on the year that was… but are have you bothered to consider your 2019 passwords?

A good password will keep your online accounts safe, from your bank account to your Amazon account. But even though we know we should create secure passwords, a lot of us don’t. Complex, unique passwords can be a nuisance to remember (especially since security experts recommend using a different password for every site), and it’s easier to skip the headache and go with something simple.

However, SplashData’s list of the worst passwords of 2019 — which was compiled from the millions of passwords that were hacked this year —suggests plenty of people aren’t making much effort to create secure passwords. The top five passwords don’t vary too much from year to year… which means people keep using the same predictable passwords, which make it easy for anyone to get into their accounts. Here are this year’s top 25 passwords:

  1. 123456 (unchanged)
  2. 123456789 (up 1)
  3. qwerty (up 6)
  4. password (down 2)
  5. 1234567 (up 2)
  6. 12345678 (down 2)
  7. 12345 (down 2)
  8. iloveyou (up 2)
  9. 111111 (down 3)
  10. 123123 (up 7)
  11. abc123 (up 4)
  12. qwerty123 (up 13)
  13. 1q2w3e4r (new)
  14. admin (down 2)
  15. qwertyuiop (new)
  16. 654321 (up 3)
  17. 555555 (new)
  18. lovely (new)
  19. 7777777 (new)
  20. welcome (down 7)
  21. 888888 (new)
  22. princess (down 11)
  23. dragon (new)
  24. password1 (unchanged)
  25. 123qwe (new)

Even if you aren’t a security pro, you can probably see a problem here. Eight of those passwords are simply a straight row of characters across the keyboard (presumably to whatever number of characters a particular password requires). And they aren’t the only patterns on the list: “111111” and “555555” are even lazier. Then there’s the perennial “password,” which is certainly easy to remember — but it’s also the first password any hacker will try. A variation on this basic password is also inevitably on the worst passwords list: “password1” may be a little more complicated than the simple “password,” but it isn’t much better. If “password” is a hacker’s first guess, this will be the second.

We are seeing a little more originality with new additions to the top 25 using the first two rows of the keyboard. New for this year are "1q2w3e4r" and "123qwe".

So how can you keep your online accounts — and thus your personal information — safe? The first step is making sure none of your none of your password are on SplashData's worst passwords of the year list. If you are, you should log on and change them immediately. Then make sure you’re creating a strong password. A good password needs to:

  • Have least 8 characters.
  • Include capital letters, numbers, and ASCII characters.
  • Not follow any pattern, like “123456” or “121212.”
  • Not use a dictionary word, common phrase, a movie name or anything similar. (Sorry, Star Wars fans, but you shouldn’t express your enthusiasm in your password.)
  • Not include your name or significant dates, like your birthday or anniversary. Names are a common feature on the worst password list, and using this kind of personal information makes your password very easy to guess.
  • Never be used across multiple sites, which means that when one site is hacked, all of your passwords are compromised.

If sites support it, you should also use two-factor authentication, which requires both a password and a randomly generated code, which is typically displayed in an app or texted to you whenever you log on. Even if a hacker has your password, they won’t have that random code and therefore won’t be able to get into your account. While not every site offers two-factor authentication, most sites containing sensitive personal information will, including most banking sites. If you aren’t sure whether your favorite website supports two-factor authentication, search the Two Factor Auth List to find out.

 Now the next question: how can you remember all of these unique, complicated passwords? We recommend that everyone use a password manager. These secure apps will store your passwords — though you have to remember to add them, first — and require a login to access them. Many are apps that run on your phone, but you’ll also find PC and web-based password managers. 

So why not make a New Year’s resolution to improve your passwords? Using good passwords isn’t as hard as you think — and it will help you avoid the headache of hacks throughout 2020.

[Image credit: password on sticky note via Shutterstock]



Discussion loading

Home | About | Meet the Team | Contact Us
Media Kit | Newsletter Sponsorships
Newsletter Archive
Terms of Use | Privacy & Cookie Policy

Techlicious participates in affiliate programs, including the Amazon Services LLC Associates Program, which provide a small commission from some, but not all, of the "click-thru to buy" links contained in our articles. These click-thru links are determined after the article has been written, based on price and product availability — the commissions do not impact our choice of recommended product, nor the price you pay. When you use these links, you help support our ongoing editorial mission to provide you with the best product recommendations.

© Techlicious LLC.

site design: Juxtaprose