If You Use Any Of These Passwords, You Should Totally Change It Right Now!

The 25 Most Popular Passwords of 2013: God Help Us

Passwords are a fact of life and we've all had some bad ones, but if you use one of the following 25 password you might want to rethink your strategy! These are the 25 most common passwords according to SplashData, and there are some humdingers in there!

1. 123456 (Up 1)

2. password (Down 1)

3. 12345678 (Unchanged)

4. qwerty (Up 1)

5. abc123 (Down 1)

6. 123456789 (New)

7. 111111 (Up 2)

8. 1234567 (Up 5)

9. iloveyou (Up 2)

10. adobe123 (New)

11. 123123 (Up 5)

12. Admin (New)

13. 1234567890 (New)

14. letmein (Down 7)

15. photoshop (New)

16. 1234 (New)

17. monkey (Down 11)

18. shadow (Unchanged)

19. sunshine (Down 5)

20. 12345 (New)

21. password1 (Up 4)

22. princess (New)

23. azerty (New)

24. trustno1 (Down 12)

25. 000000 (New)

This list was made possible by the Adobe hack that liberated 38 million passwords from their users. This explains why Adobe123 is one of the most popular on this list, but I think what we're seeing here is that plenty of people use the word of the program they're using in their actual password. Not the best idea I'm sure you'll agree.

The most terrifying thing is that, reading through the password list, I can feel the reasoning. Like I can literally understand why certain people chose certain passwords. I can read my own train of thought in this password. That is scary. It means that I am vulnerable. It means that I could, most likely, be hacked with ease.

[Immediately goes and changes all passwords]

Worst passwords of 2013 - our annual list updated [Splashdata]

Via Gizmodo


    That's amazing. I've got the same combination on my luggage.

      this comment deserves way more votes.

        And change the combination on my luggage!

      This probably went over many heads, but I for one appreciated it.

        One of my favorite memories of recent years was my kids being both old enough, and enjoying Star Wars enough, for me to play Spaceballs for them. Much hilarity was had.


    Using the product/service name plus something secret is somewhat better than sharing the same password between services. At least it prevents a leaked password from being used to directly access another site.

    Better yet would be to use a password manager that can generate random passwords for you.

      That is brilliant and something I've genuinely not heard of.

        Just make sure you don't pick "123" as the shared secret portion of your password :)


      yeh man after my origin account got hacked I took the plunge and went with 1Password - https://agilebits.com/onepassword. Only pain is having to go into the app on your phone and copy the crazy jumble password you generated every time you want to make a purchase on the app store - or worse signing into psn and having to enter it via the controller looking back and forth from your iPhone... but no one will guess my passwords!! not even me

        I went with www.lastpass.com but it looks very similar. I makes everything nice and secure, but you need to think a little bit more about your access. For example you can get extensions for Chrome and Firefox, but if you use someone elses machine, you have to login to the Lastpass website, copy the random password and then back to the site you want to login with.

        But as with your example of PSN, it annoys me so much I changed it back to something I could remember, same with my Google account for the Play Store!

      Interestingly: XKCD on password strength: https://xkcd.com/936/



    I hate this era of passwords more than anything, every month a website/service i frequently use is wanting to add more and more #%$%^ to my pass word, like email verification (because hacking an email is hard right?) or yet another phone app or sms.

    Worse yet they want a lowercase and upper case and a number AND a !@@#$%^&* letter and it has to now be 15 letters long instead of 8 and On it goes, and they expect people to remember individual passwords for the literal 10-30+ sites and services, yeah I don't think so.

    The worst part is all these "measures" actually make it easier for computers to hack, things like adding Qasdfg1! are very easy fora computer to dechiper so to speak, where as (from an article i recently read) the hardest thing for a computer to crack is an actual string of words like Brownyetimilk. the inherent problem here is that we now have paswords that are hard for us to remember and easy for computers to crack, by comparison Brownyetimilk is easy for a human to remember and very hard to hack.

    The sooner someone invents and ingenious method for account verification the better the world will be and the how insanely filthy rich that person would be.

      Actually, cracking passwords that are a combination of random dictionary words like 'Brown yeti milk' is very, very easy with a computer. It's almost as easy to break as a 3-character password. Keyboard sequences like Qasdf are usually hard-coded into a cracker's dictionary as well so they'll also be pretty easy. The best passwords are random or seemingly random combinations of characters (eg take a long phrase you can easily remember and take the first or second letter of each word, capitalize some of the letters and replace some others with symbols or numbers).

      Don't disagree that there needs to be a better way than passwords though.

        That's interesting that you claim the exact opposite, did you read it elsewhere have some kind of computer hacking knowledge or is it just guessing?

        I'm going to look further right now infact.

        Okay found 2 sites, once states that you were correct another states I was close. Quote from one that agree'd with me of course :P

        "Length won't necessarily make your new password harder for you to remember. Any four common, unrelated words that add up to more than 12 characters is now considered one of the most secure password configurations. "


        But basically as long as it 12 Characters or more atm seems to be the way to go.


          Ars Technica has run a few interesting articles on password cracking recently. Here's one:

          Dictionary attacks are very common and very easy. How feasible the cracks are will depend a lot on how the password was hashed in the first place though, eg if the hash was salted properly then an entire rainbow table has to be generated for each hash, though there are other techniques for doing dictionary attacks and for generating rainbow tables in a more optimal manner.

          EDIT: Length is the most important thing for a good password, yes. But using four common words to get that length is not a good way to do it,

            Yep gave a quick once over, its the COMMON part that is the problem from what I can tell. As long as you find 4 odd unrelated words and perhaps a non word you've made up, it becomes a monster password to crack.

              At the moment, yeah. But all it takes is one of the crackers adding that list of terms in Klingon or Quenya and you're fucked again.

              EDIT: Also bear in mind that a lot of the password sets being exposed by leaks and cracks will have stuff that's stale, from accounts long since abandoned. Would a password you made up in 2010 still be hard to crack now? (Though this is why changing it every 3-4 months minimum is a best practice)

      lol, was this article the link @transientmind posted... https://xkcd.com/936/

    Like "Totally"?

    Love the X files reference at 24. Mulder actually had to use that one episode for those who don't know.

      Yes, I used to use that as my password too - a long time ago.
      I've gotten smarter since.

    Damnit. All 25 of my passwords made the list.

    'hunter2' isn't there, so that means my banking accounts shall be safe

      This needs more hunter2-ing likes

    Time to test those passwords.
    "PI=3.1415926534" is my favourite. It'll take about 37 billion years to hack it. (Not that I'm actually using it, mind you.)

      I didn't go there, but I have to assume the answer is the same for every one you try there: Not very, since you just told it to us.

    I have around eight thousand websites and applications which require passwords which have been steadily growing since the 90s. To successfully identify every single one would be... pretty much impossible.

    I'm pretty happy with my approach of being 'moderately secure', and 'just deal with the fallout' of whichever isolated component falls over and/or is actually exploited. The odds of being out any actual money are slim to none when you factor in the strength of bank security and their obligation to protect it even from social engineering.
    (And my sneaking suspicion/hopeful fantasy that many institutions aren't entirely above sending hitmen to identify and make an example of any truly troublesome perpetrators.)

      This is pretty much my view too. There is so much need for passwords on the net that, even if I didn't have memory problems, it would be impossible to remember a unique password for every site. And I can't be assed to use a password locker app.

        My GF had one of those on her phone, which broke. Worse, she had some kind of ultra-elaborate set-up so that she couldn't even tell what her 'source' gmail address was underneath all the layers of forwarding/protection/filter-tool stuff. She had, at one point while setting it up, sent me a mail from the source address in error, and that was enough to retrieve all her shit. But busting that phone seriously screwed her ability to access... pretty much the keys to her life.

        I am very leery of any automated management systems for these things. I prefer a more manual, consistent attitude. Many of my addresses haven't changed in the last couple decades (woo, early adoption), and the only time that's bit me in the ass was with web-hosting which got hacked (and still gets hacked, repeatedly, which I can't effectively stop - to the point I'm probably going to have to pack up most everything and move it for a while), and Skype, who wouldn't reset my password for me until I provided them with some impossible-to-remember receipt details from 2003.

Join the discussion!

Trending Stories Right Now