Worst Passwords of 2015 Revealed

Security provider SplashData has released its annual “Worst Password List” for 2015, and the results are as depressing – and predictable – as ever. While last year’s entries boast some of the longest bad passwords ever featured during SplashData’s five years of compiling its worst password lists, they are certainly no more secure.

The top-25 worst passwords have not changed much in the last 12 months, though the revised list – which has lost “batman” and “superman”, but gained “starwars”, “solo”, and “princess”, which could delight J.J. Abrams at the expense of Zack Snyder – does offer an interesting glimpse into the cultural zeitgeist. Though, “trustno1” has faded from view since last year, which surprises considering the recent revival of The X-Files.

The reigning champions, in first and second place, respectively, are “123456” and “password”, retaining their positions from 2014, while new, terrible entries include “welcome”, “1qaz2wsx” (the first two lines of keyboard characters, vertically), and “login”. While “dragon” has dropped 7 places, it remains curiously popular.

Rank Password Change from 2014
1 123456 Unchanged
2 password Unchanged
3 12345678 Up 1
4 qwerty Up 1
5 12345 Down 2
6 123456789 Unchanged
7 football Up 3
8 1234 Down 1
9 1234567 Up 2
10 baseball Down 2
11 welcome New
12 1234567890 New
13 abc123 Up 1
14 111111 Up 1
15 1qaz2wsx New
16 dragon Down 7
17 master Up 2
18 monkey Down 6
19 letmein Down 6
20 Login New
21 princess New
22 qwertyuiop New
23 Solo New
24 passw0rd New
25 starwars New

“We have seen an effort by many people to be more secure by adding characters to passwords, but if these longer passwords are based on simple patterns they will put you in just as much risk of having your identity stolen by hackers,” Morgan Slain, CEO of SplashData, said. “As we see on the list, using common sports and pop culture terms is also a bad idea. We hope that with more publicity about how risky it is to use weak passwords, more people will take steps to strengthen their passwords and, most importantly, use different passwords for different websites.”

Image courtesy of Wired.