clock menu more-arrow no yes mobile

Filed under:

Many Passwords Are So Bad They Don't Even Need to Be Hacked

No, 123456 is not a good password. Nor is "password."

While a lot of attention is given to high profile account breaches, the truth is many passwords are next to useless because of their simplicity.

Each year, SplashData releases its list of the worst passwords. Many atop the latest list are repeat offenders, such as the top two, “123456” and “password,” which were also atop the prior year’s list.

Two new passwords in the top 10 are “696969” and “batman.” Evidently those looking for an easy-to-remember password were feeling less affectionate in 2014, as “iloveyou” fell off the list.

Sports teams, popular children’s names and curse words are all well represented in the list of the 100 most common passwords, as are sequential keys on the keyboard.

“The bad news from my research is that this year’s most commonly used passwords are pretty consistent with prior years,” said Mark Burnett, an online security expert and author of “Perfect Passwords,” who collaborated with SplashData on the list. “The good news is that it appears that more people are moving away from using these passwords. In 2014, the top 25 passwords represented about 2.2 percent of passwords exposed. While still frightening, that’s the lowest percentage of people using the most common passwords I have seen in recent studies.”

For those who need a little help, Microsoft has this tool to help create better passwords. Of course, the more important breakthrough will be when the tech industry finally does away with this flawed security approach.

Personally, I take my inspiration from this scene from “Spaceballs.”

Here are SplashData’s top 10 worst passwords:

This article originally appeared on

Sign up for the newsletter Today, Explained

Understand the world with a daily explainer plus the most compelling stories of the day.