Skip to main content

Another year goes by, and according to a recent security survey the most commonly hacked password is still: "password."

Internet security firm SplashData trolled through millions of stolen passwords posted in online hacker forums, according to CEO Morgan Slain, and compiled a list of the 25 most-stolen ciphers.

Among the easily cracked codes were the some of the most common names for boys and girls (Michael and Ashley), sequential series of numbers (123123) and even strings based on keys closely grouped on your Qwerty keyboard (this one takes the prize: qazwsx).

Story continues below advertisement

"Hackers," Mr. Slain said in a release, "can easily break into many accounts just by repeatedly trying common passwords. Even though people are encouraged to select secure, strong passwords, many people continue to choose weak, easy-to-guess ones, placing themselves at risk from fraud and identity theft." Mr. Slain said.

If you have a password that is short or common or a word in the dictionary, it's like leaving your door open."

The top 25 stolen passwords:

  1. password
  2. 123456
  3. 12345678
  4. qwerty
  5. abc123
  6. monkey
  7. 1234567
  8. letmein
  9. trustno1
  10. dragon
  11. baseball
  12. 111111
  13. iloveyou
  14. master
  15. sunshine
  16. ashley
  17. bailey
  18. passw0rd
  19. shadow
  20. 123123
  21. 654321
  22. superman
  23. qazwsx
  24. michael
  25. football

SplashData provides software to help you manage multiple passwords and accounts, but even if you don't want to go that route here are their tips for password strengthening:

"Use passwords of eight characters or more with mixed types of characters. One way to create longer, more secure passwords that are easy to remember is to use short words with spaces or other characters separating them. For example, 'eat cake at 8!' or 'car_park_city?' "

"Avoid using the same username/password combination for multiple websites. Especially risky is using the same password for entertainment sites that you do for online email, social networking, and financial services. Use different passwords for each new website or service you sign up for."

Answer this question in the comments below: What's the dumbest password you ever used? (Please don't post your password unless you've wised up and no longer use it.)

Story continues below advertisement

UPDATE: Props to the readers for their clever suggestions: "********" is definitely sneaky-dumb Morty_whatever, and we should all be impressed with your civic-mindedness Scotch Bonnet. Still, the most creative (if probably still crackable) password suggestion goes to nyty nyt: "I use my Blues Name. A childhood disease followed by a US President's name: Mumps Washington, Measles Jackson, etc." Thanks for playing.

Report an error Licensing Options
About the Author
Technology reporter

Shane Dingman is The Globe and Mail's technology reporter. He covers BlackBerry, Shopify and rising Canadian tech companies in Waterloo, Ont., Toronto and beyond. More

Comments are closed

We have closed comments on this story for legal reasons. For more information on our commenting policies and how our community-based moderation works, please read our Community Guidelines and our Terms and Conditions.

Combined Shape Created with Sketch.

Combined Shape Created with Sketch.

Thank you!

You are now subscribed to the newsletter at

You can unsubscribe from this newsletter or Globe promotions at any time by clicking the link at the bottom of the newsletter, or by emailing us at privacy@globeandmail.com.