Worst Passwords in 2018

SplashData published their eighth annual list of the worlds worst passwords. After evaluating around 5 million leaked passwords, SplashData found that users are still using the same ‘ol guessable passwords.

“Our hope by publishing this list each year is to convince people to take steps to protect themselves online,” says Slain. “It’s a real head-scratcher that with all the risks known, and with so many highly publicized hacks such as Marriott and the National Republican Congressional Committee, that people continue putting themselves at such risk year-after-year.”


Here is a part of the list of “Worst Passwords in 2018”

1 123456 (Rank unchanged from last year)
2 password (Unchanged)
3 123456789 (Up 3)
4 12345678 (Down 1)
5 12345 (Unchanged)
6 111111 (New)
7 1234567 (Up 1)
8 sunshine (New)
9 qwerty (Down 5)
10 iloveyou (Unchanged)
11 princess (New)
12 admin (Down 1)
13 welcome (Down 1)
14 666666 (New)
15 abc123 (Unchanged)
16 football (Down 7)
17 123123 (Unchanged)
18 monkey (Down 5)
19 654321 (New)
20 !@#$%^&* (New)

If you want to take a look at the complete list, visit SplashData’s website here.

How can you choose a password strong enough to protect your online identity?

I’ve published a post back in 2017 that explains the most logical way to choose a strong password. If you don’t feel like reading it, here is the TL;DR:

Passwords that are made of phrases are the best. A password such as: ILikeToWriteAboutSecurity123$ is practically impossible for a hacker to guess, at least not in their lifetime and not with current technologies.


Mohamad El Hout, MBA, M.Eng., CISSP

Mohamad is an entrepreneur and a Senior Security Consultant dealing with the design and delivery of standard and complex security gateway solutions, covering a wide range of cutting edge technologies. His interests include business, technology, leadership, sports, and the continuous pursuit of knowledge.

%d bloggers like this: