If Your Password Is On This List, It’s Time To Change It

We get it. Maybe you revived your childhood obsession with Star Wars. But don’t extend that fandom to your password, or you could end up welcoming in… the dark side. And by that, we mean anyone who happens to look at the list of 2015’s Worst Passwords.

This year’s list from SlapDash uses aggregations of leaked passwords as sample sizes to nail the most popular security phrases in circulation. And as we all know — or should know — popularity is not a good thing when it comes to attackers who may be able to guess their way into your secure information.

The usual favorites our on the list again, including “123456” and “password” holding strong at the top with their positions unchanged from last year, but there are some newcomers joining the rolls that are linked to pop culture, including “starwars” and “solo,” named for one Han Solo.

Here’s the list– check it once, check it twice, and if you’re using any of the combinations or words below, right now is the time to change that:

1. 123456 (Unchanged)
2. password (Unchanged)
3. 12345678 (Up 1)
4. qwerty (Up 1)
5. 12345 (Down 2)
6. 123456789 (Unchanged)
7. football (Up 3)
8. 1234 (Down 1)
9. 1234567 (Up 2)
10. baseball (Down 2)
11. welcome (New)
12. 1234567890 (New)
13. abc123 (Up 1)
14. 111111 (Up 1)
15. 1qaz2wsx (New)
16. dragon (Down 7)
17. master (Up 2)
18. monkey (Down 6)
19. letmein (Down 6)
20. login (New)
21. princess (New)
22. qwertyuiop (New)
23. solo (New)
24. passw0rd (New)
25. starwars (New)

If you’re looking for a change, it’s a good idea to use passwords or phrases with 12 characters or more, with mixed types of characters (letters, numbers, punctuation) and avoid reusing the same password on different websites.

Was this helpful? We’re a non-profit! You can get more stories like this in our twice weekly ad-free newsletter! Click here to sign up.

Read Comments1

Edit Your Comment

  1. ReverendTed57 says:

    The one that stuck out to me was the new addition at #15: “1qaz2wsx”.
    Despite having no capitals or special characters, it seemed more like the strong passwords we’re expected to have, and unlikely to be on a list of “most common”. At least, it seemed that way until I imagined typing it, then it made a lot more sense.