Bad habits die hard, according to SplashData’s eighth annual list of Worst Passwords of the Year. After evaluating more than 5 million passwords leaked on the Internet, the company found that computer users continue using the same predictable, easily guessable passwords. Using these passwords will put anyone at substantial risk of being hacked and having their identities stolen.

While terrible passwords such as “123456” and “password” continue in the #1 and #2 spots, respectively, President Trump’s given name debuted on this year’s list with “donald" showing up as the 23rd most frequently used password.

“Sorry, Mr. President, but this is not fake news – using your name or any common name as a password is a dangerous decision,” said Morgan Slain, CEO of SplashData, Inc., in a statement. “Hackers have great success using celebrity names, terms from pop culture and sports, and simple keyboard patterns to break into accounts online because they know so many people are using those easy-to- remember combinations.”

Each year, SplashData evaluates millions of leaked passwords to determine which passwords were most used by computer users during that year. Even with the risks well known, many millions of people continue to use weak, easily-guessable passwords to protect their online information.

2018 was the fifth consecutive year that “123456” and “password” retained their top two spots on the list. The next five top passwords on the list are simply numerical strings.

SplashData's Top 100 Worst Passwords of 2018 from John Hall on Vimeo.

SplashData, provider of password management applications TeamsID, Gpass, and SplashID, releases its annual list in an effort to encourage the adoption of stronger passwords.

“Our hope by publishing this list each year is to convince people to take steps to protect themselves online,” says Slain. “It’s a real head-scratcher that with all the risks known, and with so many highly publicized hacks such as Marriott and the National Republican Congressional Committee, that people continue putting themselves at such risk year-after-year.” Presenting SplashData’s “Worst Passwords of 2018”:

Rank Password
1 123456
2 password
3 123456789
4 12345678
5 12345
6 111111
7 1234567
8 sunshine
9 qwerty
10 iloveyou
11 princess
12 admin
13 welcome
14 666666
15 abc123
16 football
17 123123
18 monkey
19 654321
20 !@#$%^&*
21 charlie
22 aa123456
23 donald
24 password1
25 qwerty123

SplashData estimates almost 10% of people have used at least one of the 25 worst passwords on this year’s list, and nearly 3% of people have used the worst password, 123456.

According to SplashData, the over five million leaked passwords evaluated for the 2018 list were mostly held by users in North America and Western Europe. Passwords leaked from hacks of adult websites were not included in this report.

SplashData offers three simple tips to be safer from hackers online:

  1. Use passphrases of twelve characters or more with mixed types of characters.

  2. Use a different password for each of your logins. That way, if a hacker gets access to one of your passwords, they will not be able to use it to access other sites.

  3. Protect your assets and personal identity by using a password manager to organize passwords, generate secure random passwords, and automatically log into websites.

See the full Top 100 Worst Passwords of 2018 here.

MacDailyNews Note: Keychain Access is Apple’s password management system in macOS. It was introduced with Mac OS 8.6, and has been included in all subsequent versions of Mac OS, including Mac OS X, OS X, and macOS. A macOS Keychain can contain various types of data: Passwords (for Websites, FTP servers, SSH accounts, network shares, wireless networks, groupware applications, encrypted disk images), private keys, certificates, and secure notes.

Your Mac’s Keychain Access application also has a built-in Password Assistant that can help you create good, strong passwords. To get to it, just launch KeyChain Access (found in Applications/Utilities), choose File>New Password Item and use the “Password” input box to design your passwords. To gain access to more options, you can click the button with the black key icon located next to the “Password” input box which will bring up the Password Assistant which can make passwords for you (“memorable, “letters and numbers,” etc.). Both options provide a colorful bar that goes from dark red (weak) to dark green (excellent) to indicate the Password Strength.

OS X Password Assistant

Make ’em strong and unique and manage/store them with Keychain Access which works across your Macs, iPads, iPhones, etc.