Security Experts Reveal Most Predictable Passwords

Dennis Faas's picture

A security firm has revealed the twenty-five most common passwords used on websites. For the most part, they leave users particularly vulnerable to hacking. One reason? "Password" is still the most common password.

The list, from analyst firm SplashData, is based on login details published by hackers online. Sadly, the amount of data that becomes publicly available this way seems to be ever increasing.

Following "password", the next most popular passwords in decreasing order are "123456", "12345678" and "abc123", all of which appear to have been chosen by users who obviously cared little for the password criteria of the sites they use. (Source:

Others in the top ten include "qwerty" and "111111", the self-explanatory "letmein" and the less predictable "monkey", "dragon" and "baseball."

'Mustang' Among Most Common Passwords

SplashData has also compared today's top 25 passwords to a similar list from last year. New entries include "welcome", "jesus", "ninja" and "mustang."

However, this far down the list it's possible the new entries might reflect which particular sites got hacked this year, as opposed to last year.

The 25th spot goes to "password1", a simple way to produce a password that includes both numbers and letters.

Dictionary Words Not Secure

The choice of passwords matters because hackers have three options when using software to guess a password. The most common option is simply to try every possible combination of letters, numbers, and characters.

But this can be an impractically long process, particularly when guessing longer passwords.

A second option for hackers is simply to search for every word that appears in a dictionary. This drastically cuts the number of guesses and is the reason using a real word or phrase as a password increases the danger of being hacked.

Finally, some hackers will use a list of known common passwords. This gives them the maximum chance of getting lucky while dramatically trimming the time spent attacking each user account.

Security experts say the best passwords include something memorable that combines numbers, letters, and other keyboard characters without using any common words. (Source:

Rate this article: 
No votes yet