The 25 worst internet passwords

Online security experts SplashData has been compiled a list of the most hacked passwords.

worst passwords, passwords, internet security, Australia, technology

SplashData has released their “25 worst passwords of 2011” as reported by PCWorld.

The list has been compiled by researching the most hacked passwords on the internet. The perennial favourite of “password” heads the list, followed by some predictable sequences like “123456” and “abc123”.

But the most surprising would have to be “monkey”, which made it to number six on the list. That means a lot of people have been going bananas after being hacked despite their seemingly obscure password. And then there’s “dragon” at number ten. Perhaps there’s a whole raft of 70s and 80s Australasian rock fans out there?

Here are the top ten worst passwords from the list:

1. password
2. 123456
3. 12345678
4. qwerty
5. abc123
6. monkey
7. 1234567
8. letmein
9. trustno1
10. dragon
11. baseball
12. 111111
13. iloveyou
14. master
15. sunshine
16. ashley
17. bailey
18. passw0rd
19. shadow
20. 123123
21. 654321
22. superman
23. qazwsx
24. michael
25. football

Are you guilty of using any of these? If so, it’s probably time to change them. Refer to our data security article for some handy hints on choosing better passwords.

Do you have any additional tips for password security? Or would you like to share some of the worst ones you’ve heard/used? Tell us.


    To make a comment, please register or login
    23rd Nov 2011
    Worst passwords I ever heard are -
    1. beatthis
    2. nochance
    3. youlose
    4. donttry
    All obviously created in arrogance, throwing down the challenge.
    23rd Nov 2011
    And then there’s “dragon” at number ten. Perhaps there’s a whole raft of 70s and 80s Australasian rock fans out there?

    I think more likely there are a lot of Harry Potter fans out there
    25th Nov 2011
    This one too obvious too, the password of a rum lover...bundy bundy
    28th Jan 2013
    My problem with passwords is that you have to have so many it is impossible to remember them. I find it very difficult remembering more than just a couple. There needs to be a more user friendly AND more secure method of protecting yourself than passwords. Even password helper programs are difficult to use properly or if not difficult to use, they are not transferable to your other devices so the passwords they create still have to be remembered - not likely.
    Andy Leucite
    19th Apr 2013
    The final straws on passwords came for me a few weeks ago when I registered with Centrelink for internet access to its correspondence with me (after they have cancelled many statements they used to post me - now they save on postage and printing, but I carry the the cost of printing - there should be a paid allowance for that!). As is common with many organisations, there were intricate instructions on what kind of passwords not to use, and stern warnings that the password chosen should not follow all kinds of patterns that they decree as being unsuitable, and of course must not coincide with any other password used for any other purpose, and should not be written down anywhere! Have Centrelink forgotten who they are often dealing with? The difficulty of compliance with their guidelines and rules is bad enough for a young, sharp minded person, but many of its clients are, like myself, well into the senior ranks, and would occasionally have trouble remembering what they had for breakfast yesterday, much less yet another password, or even which is the required one from a whole string of passwords they have for a whole string of different uses!

    About the same time I went into two banks to have PINs (note I'm still with-it enough to know that the expression "PIN number is a tautology!") installed on existing signature-only credit cards, because we are planning to visit Europe before the year is out. I was asked in both cases to type a new (and of course exclusive, and never-to-be-written-down) PIN for each card. When I made the mild comment that the proliferation of requests for PINs, again all exclusive never-to-be-written-down, was starting to be quite taxing and beyond the compliance of most normal people, each of the staff said, yes, they agreed and that they themselves used the same PIN for everything, credit and debit cards, ATM cards, on-line accounts, ticket ordering systems, phones etc. etc.!!!! So those making the rules (are close to those making them) don't abide by them! The sooner someone introduces some kind of practical universal personal recognition security system the better for us all - old and young!
    27th Apr 2014
    Maybe you should tell them your computer isn't operating and play them at their own game.
    24th Apr 2013
    The problem of passwords is easy to solve.
    Use a phase.
    They are easy to remember yet very hard to crack, see this video for a full explanation:
    Choose a phrase that means something to you and is something you will never forget. Make it eight words long. The video explains all.
    You need a minimum of three password, one that is very secure, you never write it down or tell anyone, this one you use for financial transactions only. Second password is for everyday use also secure but not the end of the world if you make a cryptic note of what it is. Third password is for competitions, promotions.
    My standard login to this site and most other sites is Biblo47 and 'standard' password. I can safely write this down because I know what my standard password is but nobody else does.

    8th May 2013
    Beware of scams to find out your passwords. I got caught by one recently. I received an email from Yahoo saying that my password had been hacked by someone in USA and that I needed to change it. I had to fill out a form revealing my password and then change it to something new. I innocently did so but the page kept looping back saying it couldn't accept my new password so I kept trying another one and so on. I used passwords I had for other things knowing I would remember them. Still no success so I asked my son to help me. He told me it was a scam and he then helped me to change my passwords to everything because I had revealed them all. If anyone receives a similar email do not respond.
    Beach Nanny
    5th Jun 2013
    to remember a pin store a name on your mobile
    start with the usual 4 digits then the last 4 your pin. this helped me out when i was upset and the memory bank went blank
    Beach Nanny
    27th Apr 2014
    Yes but include other numbers at the beginning or end of it. Maybe make it look like a phone number with a person's name attached to it.
    Prior to mobile phones at the company I worked for you had to change your password every 4 weeks. If you had holidays at the wrong time you had to remember your old one to put a new one in.
    9th Jul 2013
    I agree about having too many passwords. I have a list of them on my computer in a password protected file. Makes life easy for me. You need to know where the file is in order to open it so if you put it somewhere 'different' to 'My Documents' it can be much safer. A useful password that not many would be able to guess is your mother's maiden name - or middle name. The only problem I have ever had is forgetting a password!
    18th Jun 2014
    I am glad I am not the only one who has forgotten a password. Maybe it is because I use them on different sites
    15th Dec 2015
    I use a similar system Disco3 but as I know that it's nearly impossible to hide files from experienced hackers, I use cryptic messages to jog my memory rather than the actual password. EG, I used to live in another town so if I use the old phone number for that residence as a password, I write "Brissie - call me". It works for me and I hope it's safe but one never knows.
    9th Jul 2013
    Disco3, Any words that appear in the dictionary are NOT safe, the people who are likely to hack your account will use a computer program that can try EVERY word in the dictionary in a very short time. Please use a phrase.
    Watch this video:
    13th Dec 2013
    has anyone used fingerprint recognition hardware for passwords? Are they secure? Are they effective?
    29th Dec 2014
    A Little Dabll Do Ya !!...
    4th Nov 2015
    Hey particolor, I know your password!!! "Brylcreem"!!!
    29th Apr 2014
    Im surprised that "incorrect" didn't make the top 10. When I forget my password, I always get the message "your password is incorrect". So I use this. Not really LOL.
    25th Jun 2014
    I tried to use "penis" as a password, but was told it was too short.
    29th Dec 2014
    6th Jan 2015
    Particolor - you have just revealed one.
    5th Feb 2015
    You have been emasculated by a computer system by being told your 'penis' is too short ;-)
    8th Jan 2016
    LOL! y'all.
    Precious 1
    26th Oct 2014
    Never ever had trouble for 40 years or more with my passwords listed here...also may I ask help..why is it that I can post on here and other smaller post in boxes but not reply to others.....
    29th Dec 2014
    I had the Same Precious ?? I cant reply to Posts I receive ??.. its like a Dutch Cryptic Crossword trying ??
    4th Nov 2015
    Dear Precious 1, The System's Master is trying to stop slinging matches happening between two parties!!!! That's why I can't reply to particolor to ask what the the hell has a Dutch Crossword got to do with your post!!! See how effective it works!!!
    2nd Jan 2015
    For some time now there have been Multiplatform passport managers that run on smart phones android iPhone Mac Windows and more recently Linux variants
    Examples include Passport Wallet,1password as well as cloud based 'keychains'
    All of these require a single master password
    I don't think I appreciated just how many Pins passwords and security questions had built up- I have nearly 700 now so this has become critical
    Biometric options are still very dangerous as they can increasingly be spoofed-fingerprints have recently been cracked for example-

    As a result two factor security methods are emerging, for example an SMS must be responded to after a transaction has been carried out. Banks now offer this but are as usual way behind their customers, and especially the older ones in early retirement (and often on overseas travel) and have as yet failed to provide a fallback number process to meet the travel Sims that one gets in each destination
    4th Nov 2015
    Mrw, I'd like to say that I know what you are talking about. But please explain: '... An SMS must be responded to AFTER a transaction HAS BEEN CARRIED out'? If the transaction has been carried out then what is the point of the subsequent SMS? As a Queenslander would say, 'Aye???'
    6th Jan 2015
    It is insulting to use the photo of a beautiful , probably faithful dog operating the keyboard.
    4th Nov 2015
    I thought that 'enter password' actually meant that? What's wrong with that?
    13th Jan 2016
    I was guilty of using some of the passwords mentioned in the list until I came across an online course named "Internet and Computer Security: Protect Yourself Online!" which is sold in the website Udemy. It shows you how to create strong passwords (very simple) amongst other relevant information on internet security. Highly recommend.
    14th Jan 2016
    For passwords: Use both letters and numbers and words with an single upper case, but DO NOT include your own name(s), your current street name or number, to help stop ID theft.
    To help with the recall you can use 2 or more names of distant friends, old school mates or names of pets that have past away and towns you lived in when you were young not now.
    example: MaryMelbourneRover1973.
    12th Apr 2016
    I was told my password should be secret so that's what I used.

    Join YOURLifeChoices, it’s free

    • Receive our daily enewsletter
    • Enter competitions
    • Comment on articles