Here are the 10 worst passwords still being used in 2018

2018 brought us a Royal Wedding, a new Cuba, the World Cup and legalized marijuana at the Federal level for Canada.

It also brought us data breach after data breach, hacks aplenty, and your data repeatedly sold across the dark web.

With how often the information we use to secure our online accounts got out in the wild, it’s astonishing to me whenever I hear that people still use insecure or default passwords for anything. Seriously, you wouldn’t leave your front door unlocked, but this is precisely what you are doing when your passwords are shit.

SplashData, the company that makes password manager SplashID, did a deep dive onto over 5 million publicly available leaked passwords and the results are kinda horrifying. They do this analysis yearly, and people are still using the same bad passwords from last year’s shitlist.

The worst passwords of 2018

If you’re using a password like “123456,” “admin,” or “abc123,” slap yourself in the face and go change them. That goes double for any manufacturer that uses these as shipping defaults. Barely anyone changes them, so try a little harder and put better default passwords at the time of shipping. Router manufacturers have slowly gotten better at this over the years, at least for default WiFi passwords.

Some fun entries into the top 25 of this year’s bad passwords include “donald,” “sunshine,” and “princess.” Seriously, people, you’re not clever, you’re not unique, and you will get hacked. If you’re using any of the immensely stupid passwords on SplashData’s top 100 – get yourself a password manager app that can create better ones for you.

Using simple, short, common passwords leaves you more likely to get hacked, your bank accounts or credit cards drained, or any number of evil things that you don’t want to deal with the fallout from.

This is only the top 10 shitty passwords for 2018, SplashData has the top 100 offenders on their site for your perusal.

1. 123456
2. password
3. 123456789
4. 12345678
5. 12345
6. 111111
7. 1234567
8. sunshine
9. qwerty
10. iloveyou

Again, if you’re using one on this list – check yourself before you wreck yourself. Get a password manager to both save all your passwords safely behind encryption and create new, secure, unique variants for all your online accounts. Popular choices are LastPass, SplashID, and 1Password.

Hackers are smart, so take steps to protect yourself

You should be taking further steps with your really sensitive online accounts. This includes anything financial-related, your social media profiles and popular hacking targets like Amazon and Steam. Add multi-factor or two-factor authentication to these.

That means you’ll also need to install an app authenticator to create the one-time-use passcodes to use as well as your usual login details. Avoid using SMS two-factor though, as it’s insecure. A determined hacker can get your phone number cloned and intercept these.

Another fairly low-cost way to secure your accounts is a hardware-based security key. This does the same function as the app authenticator, but with the added bonus that it’s on you at all times. Popular ones include Yubikey, and Google’s own Titan.

Are you using any of these in your day-to-day life? Why? Let us know down below in the comments or carry the discussion over to our Twitter or Facebook.

Editors’ Recommendations:

• The Apple Watch is adding sleep tracking, but you’ll have to buy a new accessory
• Kanye West’s iPhone password has been revealed and boy is it a doozy
• How to backup important data from your devices

Joe Rice-Jones

Maker, meme-r, and unabashed geek with nearly half a decade of blogging experience. If it runs on electricity (or even if it doesn't), Joe probably has one around his office somewhere. His hobbies include photography, animation, and hoarding Reddit gold.