The worst passwords of 2014 prove that many of us do not need to be hacked


Every year, SplashData shares a list of the most common passwords in use. Not surprisingly, that list of “common” passwords is also the list of worst passwords as well. Not only are these passwords just plain terrible, but because they are so common, they do not need to be hacked.

We shared the list a few years ago, and while the rankings will jockey back-and-forth, the changes are not always significant. For 2014, a number of new additions made the list, more than a third of the top 25 worst passwords are new to the list, or returned after dropping off in past years’ lists.

For those that are fans of Mel Brooks’ classic, Space Balls, you will be glad to know that luggage combination "12345" moved up 17 spots, while the top spot is still occupied, “123456.”: The runner-up, “password,” is also unchanged.

New to the list, and making its appearance in spot number 8, is “baseball.” Other new arrivals include, “dragon,” “mustang,” “superman,” and “696969.” As you may have seen from time-to-time, T-Mobile CEO John Legere often jokingly refers to himself as “Batman,” lo-and-behold that password made its debut to the list of Worst Passwords for 2014.

The list really contains no good news, even with possible downward trends in the use of such silly passwords like “12345678,” and “111111,” or “123123,” it still shows that most people do not take safeguarding password protected services seriously.

So, if you have shunned using a pattern lock, or 4-digit PIN to lock your smartphone or tablet (or luggage), but used one of the passwords on this list, you provided about as much protection as setting up no password at all.

Here is the top 25 list of Worst Passwords for 2014:

  1. 123456 (unchanged)
  2. password (unchanged)
  3. 12345 (up 17)
  4. 12345678 (down 1)
  5. qwerty (down 1)
  6. 123456789 (unchanged)
  7. 1234 (up 9)
  8. baseball (new)
  9. dragon (new)
  10. football (new)
  11. 1234567 (down 4)
  12. monkey (up 5)
  13. letmein (up 1)
  14. abc123 (down 9)
  15. 111111 (down 8)
  16. mustang (new)
  17. access (new)
  18. shadow (unchanged)
  19. master (new)
  20. michael (new)
  21. superman (new)
  22. 696969 (new)
  23. 123123 (down 12)
  24. batman (new)
  25. trustno1 (down 1)

Creating strong passwords is not so difficult. In lieu of using real words with numbers and symbols (like p@ssw0rd1!), instead, generate password through phrases. For example, if you take a phrase from your favorite song, like Bohemian Rhapsody, by Queen, “I see a little silhouette of a man, Scaramouch, Scaramouch!” Combine some numbers, and symbols and make your password, “1SALSOAM$$!”  Such passwords are extremely difficult to figure out through traditional brute-force hacks, and the phrase they are based on makes them very easy to remember.

source: SplashData

FEATURED VIDEO

23 Comments

1. LeBrownJames

Posts: 201; Member since: Mar 17, 2014

Hey my password is on the list! Oops...

2. itsdeepak4u2000

Posts: 3718; Member since: Nov 03, 2012

Change it now or I'll hack your data, just 25 attempts needed.

3. tech2

Posts: 3487; Member since: Oct 26, 2012

The only thing dumber then having a password from that list is to tell the internet your password is from that the list.

10. RebelwithoutaClue unregistered

I doubt he was serious though

13. Zack_2014

Posts: 677; Member since: Mar 25, 2014

Seriously? You think he actually had a password like that ? He's just trolling

15. RaKithAPeiRiZ

Posts: 1488; Member since: Dec 29, 2011

how about binary passwords -100001000111

4. LifeSucks

Posts: 54; Member since: Jan 15, 2015

How about Hindi transliterated to English passwords like "khuljasimsim"?

6. lalalaman

Posts: 638; Member since: Aug 19, 2013

i dont think khul ja simsim is used widely,u should add numbers to it for more security ps,whats ur fb account?i wanna hack it :D

5. kanagadeepan

Posts: 1260; Member since: Jan 24, 2012

How about "p0daP@nn!P@kk!P@ndaar@m" (not my real password - but a suggestion) ?? or "K!$&my@r$3" ??

8. CyberFalcon

Posts: 223; Member since: Apr 17, 2014

"p0daP@nn!P@kk!P@ndaar@m" That is a good one...

19. reckless562

Posts: 1153; Member since: Sep 09, 2013

is it south park or something?

14. Cyan3boN

Posts: 446; Member since: Feb 23, 2012

Good one, Tamilanda :) :)

17. avinash22i

Posts: 72; Member since: Nov 07, 2013

Tamila.. . Parra... Nanum tha.. .

18. reckless562

Posts: 1153; Member since: Sep 09, 2013

is this south park??? i cant get it

23. CyberFalcon

Posts: 223; Member since: Apr 17, 2014

No it is a Tamil word...

7. lalalaman

Posts: 638; Member since: Aug 19, 2013

6969696 what our new generation have come to :P

9. bahadurhussain

Posts: 17; Member since: Jan 20, 2015

People speaking other languages have an advantage on this, we can translate open sesame to khuljasimsim and batman to chimgadarbanda and superman to badhiyabanda hahah! :D

16. kanagadeepan

Posts: 1260; Member since: Jan 24, 2012

Yes... And If they allow unicode as password in future, we will have still more benefits....

20. reckless562

Posts: 1153; Member since: Sep 09, 2013

ahhhhhhh!!! so THATS what those mean!!! PREPARE now, to be HACKED!!!!! MOoHOoHOOHuuaaHAhHAHAha HAAAAAAAAWWEEE!!!

11. RebelwithoutaClue unregistered

Using words with letters changed to numbers/symbols (like P@ssw0rd1) are not really strong, brute force databases use these kind of variations too. Especially since everybody uses similar variations: a becomes @ e becomes 3 o becomes 0 and so on.

21. reckless562

Posts: 1153; Member since: Sep 09, 2013

yesss thank you!! the hackers obviously know this already. if u use this thinking it'll stop a hacker, u need to bust out one of them AOL cds or something, kuz u dont deserve ur Fios connection!!!! (at least i have time warner, but i wana real bundle!!! they even have Sunday Ticket too now (D-:) true sadness )

22. ilani

Posts: 90; Member since: Dec 23, 2011

LMAO, 'letmein'. such a classic!!!!

24. cripton805

Posts: 1485; Member since: Mar 18, 2012

My password is 18473994 I think I'm safe.

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.