Which are the worst passwords for 2018?

December 15, 2018  By Pierluigi Paganini


Which are the worst passwords for 2018? SplashData report confirms that  123456 is the most used password for the 5th year in a row

Bad habits are hard to die, 123456 is the most used password for the 5th year in a row followed by “password”.

Even if security experts continue to make awareness campaign, people continue to use bad habits exposing their data to the risk of hack.

SplashData published for the 8th year in a row the worst passwords list, the annual report is based on the analysis of more than 5 million leaked passwords.

Below the 2018 top 10 most used passwords are:

  1. 123456
  2. password 
  3. 123456789
  4. 12345678
  5. 12345
  6. 111111
  7. 1234567 
  8. sunshine
  9. qwerty
  10. iloveyou

“Bad habits die hard, according to SplashData’s eighth annual list of Worst Passwords of the Year. After evaluating more than 5 million passwords leaked on the Internet, the company found that computer users continue using the same predictable, easily guessable passwords.” reads the
press release published by SplashData.

“Using these passwords will put anyone at substantial risk of being hacked and having their identities stolen.” 

This year, President Trump appeared for the first time in the list of the worst password with “donald” showing up as the 23rd most frequently used password.

Unfortunately, people are still using celebrity names, terms from pop culture and sports, and simple keyboard patterns, a gift for hackers that can use them to compromise their online accounts.

“Our hope by publishing this list each year is to convince people to take steps to protect themselves online,” said Morgan Slain, CEO of SplashData, Inc. “It’s a real head-scratcher that with all the risks known, and with so many highly publicized hacks such as Marriott and the National Republican Congressional Committee, that people continue putting themselves at such risk year-after-year.”

Experts suggest the adoption of string passwords and the usage of a unique password for every service they access. Passwords should contain at least 8 characters, upper and lower case letters, numbers, and symbols (i.e. %$#!.). 

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – passwords, hacking)

[adrotate banner="5"]

[adrotate banner="13"]



Pierluigi Paganini
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.





You might also like





  • Digging the Deep Web: Exploring the dark side of the web

    Digging The Deep Web

  • Center for Cyber Security and International Relations Studies

  • Subscribe Security Affairs Newsletter

    newsletter

  • SecurityAffairs awarded as Best European Cybersecurity Tech Blog at European Cybersecurity Blogger Awards

    EU Sec Bloggers Awards 22


More Story

Magellan RCE flaw in SQLite potentially affects billions of apps

 Security experts at Tencent's Blade security team discovered the Magellan RCE flaw in SQLite database software that exposes...