The worst passwords of 2019...have we learned nothing?

Those that follow this blog will remember that we wrote about the worst passwords of 2018 at the beginning of the year. This blog proved to be popular, with many surprised at the sheer prevalence of weak passwords.

2019 seems to have again been no different, proving that bad habits do die hard, and many of us are still willing to risk putting our accounts and personal information in the firing line of cyber criminals.

Would you like to become a cyber security champion? Download our FREE White Paper >>

Passwords are important. But this message still fails to reach millions in the online world. American newspaper USA Today highlighted just how much a bad password can affect us when they said “Your password can ruin your life. I know that sounds dramatic, but it’s true. If someone figures out the password to your email, you’re in trouble. Social media? Even worse. Once hackers access your online bank account, they can wreck your finances, and you may feel the repercussions of that break-in for years”. While this comment has focused on how poor password practices impact us personally, it is important to keep this in mind the affect it can have on a business. A successful cyber-attack can lead to the loss of critical business data including the personal information of customers. If this happens, you risk being faced with not only financial but devastating reputational implications.


The worst passwords of 2019


2019 saw a number of data breaches impacting billions of users on the internet; the first six months of 2019 saw more than 3,800 publicly disclosed breaches exposing an incredible 4.1 billion compromised records. With cyber-attacks becoming commonplace nowadays, we all need to step up our cyber security game to have a chance at keeping our personal and business data safe.

Each year SplashData evaluates more than 5 million leaked passwords and their 2019 list of the most commonly used passwords has recently been released. “Our hope by publishing this list each year is to convince people to take steps to protect themselves online,” said Morgan Slain, CEO of SplashData. “It’s a real head-scratcher that with all the risks known, and with so many highly publicised hacks such as Marriott and the National Republican Congressional Committee, that people continue putting themselves at such risk year-after-year."

To no surprise, ‘123456’ took the lead for the most commonly used password (for the sixth consecutive year!), with ‘password’ losing its spot and being pushed down from 2nd place in 2018 to 4th place this year. Moving up the list was ‘123456789’ and ‘qwerty’, which have both gained 2nd and 3rd place in comparison to last year.

So, here they are, the top 10 most commonly used passwords, according to SplashData.

  1. 123456
  2. 123456789
  3. qwerty
  4. password
  5. 1234567
  6. 12345678
  7. 12345
  8. iloveyou
  9. 111111
  10. 123123

You can view the full list here.

Looking at the first 10 on the list, it is clear that these can be easily guessed. The risks associated with passwords are significant. Therefore, if you recognise any of the passwords on the list, we strongly suggest you put fixing your passwords as a top priority in 2020.

If you’re struggling to know where to start when it comes to creating a strong password, why not check out our complete guide for creating a password that doesn’t SUCK here.

People are continuing to use these simple and easy to guess passwords mainly because they are easy to remember. Understandably, it is difficult to remember lots of passwords, which is why people keep them simple and re-use them. Other reasons involve users believing they aren’t a target and because they haven’t been hacked… yet. Data is getting more and more valuable, so anyone with an account in the online world is a target.

Password hacking software’s have evolved massively over the past couple of years and made it easier than ever for cyber criminals to crack millions of password options in minutes. For example, in a brute-force attack hackers will have a software that tries to guess every possible combination until it hits yours. They often begin with the most commonly used passwords first and then move onto the more complicated phrases.

SplashData estimate that almost 10% of people have used at least one password on this year’s list. Good password hygiene will help to keep your accounts out of the hands of hackers. Some of our practical tips include:

  • Delete all accounts you no longer use
  • Update all your passwords to use passphrases of 12 characters or more with mixed types of characters
  • Use a different password for each of your accounts
  • Use a password manager to help you organise, remember, and generate secure random passwords
  • Always use two-factor authentication (2FA) to add an extra layer by being something you know, and something you have

In an era where passwords are used for nearly everything we do, and one where login data are compromised by the millions, it must be time to seriously think about your cyber security defences. A weak password is a disaster waiting to happen, 2020 is the year to take action before it’s too late!

Are you ready to take control of your cyber security? Why not get started by downloading our FREE White Paper >>

Download our Cyber Security White Paper

Subscribe Here!

Recent Posts

Posts by Tag

See all