We’ve said it before, and we’ll say it again. And again. And again. Passwords are important. But this message still fails to reach millions of people who pick “12345” as their password.

Independent researchers, who requested to stay anonymous, compiled and shared a list of the200 most popular passwords that were leaked in data breaches just this year. The database is quite impressive — 500 million passwords in total. And if you think that’s a lot of leaked passwords, we have some bad news for you — it’s just the tip of the iceberg.

2019 saw a lot of data breaches that affected billions of internet users. Collections 1-5 alone contained almost 3 billion accounts. With data breaches becoming so commonplace, internet users need to step up their cybersecurity game.

Sports, women’s names, and food

The most popular passwords contain all the obvious and easy to guess number combinations (12345, 111111, 123321), popular female names (Nicole, Jessica, Hannah), and just strings of letters forming a horizontal or vertical line on a QWERTY keyboard (asdfghjkl, qazwsx, 1qaz2wsx, etc.). Surprisingly, the most obvious one — “password” — remains very popular; 830,846 people still use it.

Top 200 Passwords from 2019 (click to expand)
  1. 12345
  2. 123456
  3. 123456789
  4. test1
  5. password
  6. 12345678
  7. zinch
  8. g_czechout
  9. asdf
  10. qwerty
  11. 1234567890
  12. 1234567
  13. Aa123456.
  14. iloveyou
  15. 1234
  16. abc123
  17. 111111
  18. 123123
  19. dubsmash
  20. test
  21. princess
  22. qwertyuiop
  23. sunshine
  24. BvtTest123
  25. 11111
  26. ashley
  27. 00000
  28. 000000
  29. password1
  30. monkey
  31. livetest
  32. 55555
  33. soccer
  34. charlie
  35. asdfghjkl
  36. 654321
  37. family
  38. michael
  39. 123321
  40. football
  41. baseball
  42. q1w2e3r4t5y6
  43. nicole
  44. jessica
  45. purple
  46. shadow
  47. hannah
  48. chocolate
  49. michelle
  50. daniel
  51. maggie
  52. qwerty123
  53. hello
  54. 112233
  55. jordan
  56. tigger
  57. 666666
  58. 987654321
  59. superman
  60. 12345678910
  61. summer
  62. 1q2w3e4r5t
  63. fitness
  64. bailey
  65. zxcvbnm
  66. fuckyou
  67. 121212
  68. buster
  69. butterfly
  70. dragon
  71. jennifer
  72. amanda
  73. justin
  74. cookie
  75. basketball
  76. shopping
  77. pepper
  78. joshua
  79. hunter
  80. ginger
  81. matthew
  82. abcd1234
  83. taylor
  84. samantha
  85. whatever
  86. andrew
  87. 1qaz2wsx3edc
  88. thomas
  89. jasmine
  90. animoto
  91. madison
  92. 0987654321
  93. 54321
  94. flower
  95. Password
  96. maria
  97. babygirl
  98. lovely
  99. sophie
  100. Chegg123
  101. computer
  102. qwe123
  103. anthony
  104. 1q2w3e4r
  105. peanut
  106. bubbles
  107. asdasd
  108. qwert
  109. 1qaz2wsx
  110. pakistan
  111. 123qwe
  112. liverpool
  113. elizabeth
  114. harley
  115. chelsea
  116. familia
  117. yellow
  118. william
  119. george
  120. 7777777
  121. loveme
  122. 123abc
  123. letmein
  124. oliver
  125. batman
  126. cheese
  127. banana
  128. testing
  129. secret
  130. angel
  131. friends
  132. jackson
  133. aaaaaa
  134. softball
  135. chicken
  136. lauren
  137. andrea
  138. welcome
  139. asdfgh
  140. robert
  141. orange
  142. Testing1
  143. pokemon
  144. 555555
  145. melissa
  146. morgan
  147. 123123123
  148. qazwsx
  149. diamond
  150. brandon
  151. jesus
  152. mickey
  153. olivia
  154. changeme
  155. danielle
  156. victoria
  157. gabriel
  158. 123456a
  159. 0.00000000
  160. loveyou
  161. hockey
  162. freedom
  163. azerty
  164. snoopy
  165. skinny
  166. myheritage
  167. qwerty1
  168. 159753
  169. forever
  170. iloveu
  171. killer
  172. joseph
  173. master
  174. mustang
  175. hellokitty
  176. school
  177. Password1
  178. patrick
  179. blink182
  180. tinkerbell
  181. rainbow
  182. nathan
  183. cooper
  184. onedirection
  185. alexander
  186. jordan23
  187. lol123
  188. jasper
  189. junior
  190. q1w2e3r4
  191. 222222
  192. 11111111
  193. benjamin
  194. jonathan
  195. passw0rd
  196. 0123456789
  197. a123456
  198. samsung
  199. 123
  200. love123
Why has nothing changed?

Year after year, we see the same passwords at the top of the “worst passwords” list. Why do people keep on using them?

The first reason is that they are easier to remember. Simple as that — most people prefer to use weak passwords rather than strain themselves by trying to remember long, complex ones. Unfortunately, it also means they use the same one for all their accounts. And if one of them ends up in a breach, all other accounts are automatically compromised too.

Second — they think they have nothing to hide. However, you lock your door when you leave the house. Even if there’s nothing valuable inside, you still wouldn’t like strangers going through your personal belongings. So why not apply the same logic to your online life?

You might not have anything to hide, but what if you end up locked out of all your accounts — email, the file storage where you keep all your photos, social media, etc.? Imagine having to pay thousands of dollars in ransom to regain access. A weak password is a disaster waiting to happen, so take action to stop it before it’s too late.

The solution

You can easily avoid these problems by maintaining good password hygiene.

  1. Go over all the accounts you have and delete the ones you no longer use. If a small, obscure website ends up breached, you might never even hear about it. You can use haveibeenpawned.com to check if your email was ever in a breach.

  2. Update all your passwords and use unique, complicated ones to safeguard your accounts. Employ our password generator below to make sure they are impossible to guess.

    Below is an auto generated password using 16 characters.
    9fc9Yf6DARCPf8#K

    Copy and paste into the password checker below and see how long it would take to crack the password. In this case “size does matter.”


  3. Use multi-factor authenication if you can. Whether it’s an app, biometric data, or hardware security key, your accounts will be much safer when you add that extra layer of protection.

  4. Set up a password manager. Password managers are easy to use, usually syncing across all our devices, and you won’t have to worry about your passwords ending up in the wrong hands. You will only need to remember one master password and forget about the rest. Password managers will do the work for you.

  5. Make sure to check your every account for suspicious activities regularly. If you notice something unusual, change your password immediately.

Data is getting more and more valuable. So as breaches continue to happen, users need to protect their data themselves. So, all the Michelles from Liverpool who like sunshine and dragons, please change your passwords right now.

Previous Post Next Post