Here are the 25 worst passwords of 2014 – and yes, ‘123456’ is one of the worst offenders

With all of the data breaches and online security scares in the last year or two, you’d think people would be more careful in choosing decent passwords.

Unfortunately, you’d be wrong. On Tuesday, SplashData released its list of the 25 most common passwords among Internet users, dubbing these as the “Worst Passwords” of 2014. And if you look at number one, you can see why there won’t be any points awarded for creativity here:

1. 123456
2. password
3. 12345
4. 12345678
5. qwerty
6. 1234567890
7. 1234
8. baseball
9. dragon
10. football
11. 1234567
12. monkey
13. letmein
14. abc123
15. 111111
16. mustang
17. access
18. shadow
19. master
20. michael
21. superman
22. 696969
23. 123123
24. batman
25. trustno1

To build this year’s list, SplashData tapped Mark Burnett, an online security expert and the author of a book called “Perfect Passwords.” While this is the first year SplashData has worked with Burnett, this is the fourth year SplashData has put together this list, so there’s a little bit of continuity here.

Like last year, the top password of 2014 was “123456.” The second-most common password in 2014 was the very original “password,” and there were a number of other repeat offenders, like “12345678” and “1234.”

However, there were also a few new entries in there as well, like “baseball,” “dragon,” and “football.” The name “michael” and superheros “superman” and “batman” also enjoyed newfound popularity, landing on this list somewhere towards the bottom.

“The bad news from my research is that this year’s most commonly used passwords are pretty consistent with prior years,” said Burnett in a statement.

“The good news is that it appears that more people are moving away from using these passwords. In 2014, the top 25 passwords represented about 2.2 [per cent] of passwords exposed. While still frightening, that’s the lowest percentage of people using the most common passwords I have seen in recent studies.”

In creating new passwords, the trick is to avoid anything that’s easily guessable, or that only includes numbers. Sequences are also a poor choice (for example, the first row of letters and numbers on your keyboard), even if they’re easy to remember. Other things to avoid are favourite sports, birthdays, birth years, and people’s names. Common names that made the top 50 worst passwords included “jennifer,” “thomas,” “jordan,” and of course, “michael.”

By comparison, stronger passwords might include eight characters or more, with a mix of letters, numbers, and symbols. SplashData also recommends avoiding using the same passwords for multiple sites, or to use a password manager service.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Candice So
Candice So
Candice is a graduate of Carleton University and has worked in several newsrooms as a freelance reporter and intern, including the Edmonton Journal, the Ottawa Citizen, the Globe and Mail, and the Windsor Star. Candice is a dog lover and a coffee drinker.

Featured Story

How the CTO can Maintain Cloud Momentum Across the Enterprise

Embracing cloud is easy for some individuals. But embedding widespread cloud adoption at the enterprise level is...

Related Tech News

Get ITBusiness Delivered

Our experienced team of journalists brings you engaging content targeted to IT professionals and line-of-business executives delivered directly to your inbox.

Featured Tech Jobs