Skip to main content

Here are the Worst Passwords of 2014 (123456 Still Tops the List)

5420852204_639dc2b899_b We read in the news all the time about major security breaches as a result of hackers outsmarting or overpowering a system’s defenses, but in reality many passwords are so weak that they render even the toughest defenses irrelevant.

SplashData just released its 4th annual annual list of the most popular worst passwords.  They dug through around 3.3 million passwords leaked in 2014 to come up with a list of the passwords that most of us are using on one site or another. "123456" continues to top the list, followed by "password", the cleverly shortened "12345", "12345678", and "qwerty".

"The bad news from my research is that this year’s most commonly used passwords are pretty consistent with prior years,” said Mark Burnett, online security expert and author of Perfect Passwords. Burnett collaborated with SplashData on the list.  "The good news is that it appears that more people are moving away from using these passwords."  Burnett added: "In 2014, the top 25 passwords represented about 2.2% of passwords exposed. While still frightening, that’s the lowest percentage of people using the most common passwords I have seen in recent studies."

Three new words in the top ten are baseball, dragon, and football, which at least shows that users are putting some effort into coming up with terrible passwords. That is a slight improvement over last year.

6818192898_c132e81824[1]In all honesty, I use several of the top five as passwords on throwaway accounts which I don’t feel I need to secure or I don’t plan to use again. I know I shouldn’t, but if the account doesn’t contain any data worth securing then I don’t feel that it’s worth the effort to add a password which I will soon forget.

Yes, we all should be using more complex passwords, but the reality is that the average internet user has so many passwords that they cannot possibly remember them all. And that is doubly true when most systems require passwords which are hard to remember but easy to hack.

I feel that passwords are being overused to the point of user exhaustion, and that’s why I am thrilled when I can log in to a site with an existing Twitter or Google account (but not Facebook). It saves me the effort of remembering yet another password/username/email combination (I couldn’t even guess how many I have forgotten over the years).

The top 25 most commonly used bad passwords are:

  1. 123456 (Unchanged from 2013)
  2. password (Unchanged)
  3. 12345 (Up 17)
  4. 12345678 (Down 1)
  5. qwerty (Down 1)
  6. 1234567890 (Unchanged)
  7. 1234 (Up 9)
  8. baseball (New)
  9. dragon (New)
  10. football (New)
  11. 1234567 (Down 4)
  12. monkey (Up 5)
  13. letmein (Up 1)
  14. abc123 (Down 9)
  15. 111111 (Down 8)
  16. mustang (New)
  17. access (New)
  18. shadow (Unchanged)
  19. master (New)
  20. michael (New)
  21. superman (New)
  22. 696969 (New)
  23. 123123 (Down 12)
  24. batman (New)
  25. trustno1 (Down 1)

images by mliu92elhombredenegro

Similar Articles


purple lady January 20, 2015 um 12:36 pm

Why shouldn’t you use one of the top five for throwaway accounts? Or for accounts with data you don’t need to secure? So many sites require signing in that really don’t need to and I never give real data to them anyway. I wonder how many of the passwords in the top five are for throwaway accounts and how many are used at financial institution sites or sites that have your credit card. That would give a better idea if people are really using bad passwords where they shouldn’t.

Write a Comment