What were the worst passwords of 2013?

24th January 2014

Choosing passwords for email, online services and mobile apps is always tricky. Trying to think of something memorable but also difficult for others to guess, or hack, can sometimes mean spending time staring at a screen, tapping fingers on a desk, or a entering a general Zen-like state whilst waiting for password inspiration.

Many people end up choosing passwords from a common list of well-know generic ones. This isn't a good idea because any hacker trying to access any of your online accounts is going to try all the most common passwords first. Every year SplashData publish a list of the most common passwords they've found. If your password is on this list then change it before someone else takes over your account.

This year's list shows some changing trends in passwords. Firstly, it's the first time the word 'password' hasn't been the most popular password and people are increasingly using short numerical passwords like '1234'.

Passwords to avoid

The top 25 passwords on SplashData's list were:

  1. 123456
  2. password
  3. 12345678
  4. qwerty
  5. abc123
  6. 123456789
  7. 111111
  8. 1234567
  9. iloveyou
  10. adobe123
  11. 123123
  12. admin
  13. 1234567890
  14. letmein
  15. photoshop
  16. 1234
  17. monkey
  18. shadow
  19. sunshine
  20. 12345
  21. password1
  22. princess
  23. azerty
  24. trustno1
  25. 000000

This year's list was influenced by Adobe's password breach in 2013, which saw a large number of user account details (including passwords) posted online. Though not in the top 25, users of Adobe's online services were commonly using passwords such as 'photoshop' or 'adobe123'. As Morgan Slain, CEO of SplashData commented:

"Seeing passwords like 'adobe123' and 'photoshop' on this list offers a good reminder not to base your password on the name of the website or application you are accessing."

To improve your online security we always recommend users follow particular guidelines:

  • Don't use the same password for multiple accounts - If someone acquires your password on one service, they can access the others.
  • Change passwords regularly - You don't have to change it every day, but regularly altering your password reduces the chances of people working it out.
  • Avoid common password - If your password is on the 25 worst passwords list, then change it now.

Selecting passwords doesn't have to be difficult. Using random characters and numbers isn't always the most secure option, as this XKCD comic highlights:

XKCD Password Strength

Certified Partners

partner microsoft
partner cisco
partner blackberry-3
partner dell
partner enom
partner netapp
partner nominet
partner parallels
partner sagepay
partner telecitygroup
partner vmware
partner zimbra