It’s that time of year again—everyone’s chopping down trees, hanging lights, and waiting for the release of SplashData’s annual list of the most popular, least secure, and completely hackable passwords.
For the last eight years, SplashData has compiled every password that leaked online—this year, it was upwards of 5 million—and assembled a list of the Top 100 Worst Passwords.
A look at this year’s list reveals that people like passwords they can remember, and apparently their memory isn’t all that good. That’s why “123456” has held the #1 spot since the first list was put together in 2011—and “password” has stayed strong at #2.
One of the password creator’s most popular genres? Cultural references. “Hackers have great success using celebrity names, terms from pop culture and sports […] to break into accounts online,” explains Morgan Slain, the CEO of SplashData in a recent press release. Some of this year’s cultural highlights include “donald” at #23, “starwars” at #60, and “solo” at #45.
There are also luxury automobile fans: “mercedes” (#65), “corvette” (#64), and “ferrari” (#61) among them. And have faith there are quite a few scatalogical trends in there as well.
But while SplashData’s list might be entertaining, identity theft is no joke. “Using these passwords will put anyone at substantial risk of being hacked,” SplashData warns in their press release. So, feel free to laugh at how common “666666” and “welcome” are, but if your Amazon password happens to be “iloveyou” or “letmein,” consider an upgrade.
What constitutes a strong password? Make it long (at least 12 characters, experts suggest) and a mix of letters, numbers, and symbols. One trick that can make the password easier to remember: Substitute numbers for letters in a word, like using a “3” for an “e” and a “0” for an “O.”
Here’s a look at the top 25 worst passwords, courtesy of SplashData: