LastPass Hacked Customers compromised
A list of the world's worst passwords has been published showing that 'password' and '123456' remain at the top of the list Reuters

World's Worst Passwords

  1. 123456
  2. password
  3. 12345
  4. 12345678
  5. qwerty
  6. 123456789
  7. 1234
  8. baseball
  9. dragon
  10. football
  11. 1234567
  12. monkey
  13. letmein
  14. abc123
  15. 111111
  16. mustang
  17. access
  18. shadow
  19. master
  20. michael
  21. superman
  22. 696969
  23. 123123
  24. batman
  25. trustno1

The password has been declared dead by security experts the world over for a number of years now but without a viable alternative, it remains the preeminent way we all access our digital lives both online and offline.

And despite numerous high-profile attacks and subsequent warnings from security experts about the importance of choosing a hard-to-guess password, 2014 has proven once again that people are lazy, predictable animals.

SplashData has just published its annual list of most common passwords - or as it calls it, the World's Worst Passwords - and while there are a couple of new entries on the list, most remain terribly predicable.

"123456" and "password" remain the two most used passwords, positions they have held since SplashData began compiling this list in 2011. The list is compiled from more than 3.3 million leaked passwords collected during the year, though millions of leaked passwords from Russia, which appeared in 2014 were not included in the analysis.


As in past years' lists, simple numerical passwords remain common, with nine of the top 25 passwords on the 2014 list comprised of numbers only.

The continued use of weak passwords will be a worry for security experts but a boon for cyber-criminals who use what are known as rainbow tables of the most common passwords to easily crack user accounts.

Richard Parris, CEO of cyber-security company Intercede, said the record number of high-profile attacks last year was not enough to change people's password practices

He said: "Even with the widespread security breaches we saw in 2014 – dubbed the year of the hack – it appears consumers have continued to expose themselves to criminals through their use of weak security measures. This only goes to confirm passwords are simply not up to the task of securing people's digital assets in the modern world."

But Mark Burnett, online security expert and author of Perfect Passwords, does see some light at the end of the tunnel.

He said: "The bad news from my research is that this year's most commonly used passwords are pretty consistent with prior years. The good news is that it appears that more people are moving away from using these passwords.

"In 2014, the top 25 passwords represented about 2.2% of passwords exposed. While still frightening, that's the lowest percentage of people using the most common passwords I have seen in recent studies."