Sunday, June 15, 2025
HomeComputer SecurityList of Top 25 Worst Passwords of 2018 Based On 5 Million...

List of Top 25 Worst Passwords of 2018 Based On 5 Million Leaked Passwords

Published on

SIEM as a Service

Follow Us on Google News

Passwords are the strings of cards used to verify the identity of the user, when the passwords are extracted they are free simple and viable approach to gain access to unapproved individuals accounts.

After evalvating millions of passwords SplashData determines the common passwords used by Internet users during that year. The most terrible password used are “123456” and “password”.

They continue to hold the #1 and #2 spots, respectively, the easily hackable password will put a substantial risk of getting beig hacked.

- Advertisement - Google News

Also a new password debuted this year list “donald” ranked 23rd position, “Sorry, Mr. President, but this is not fake news – using your name or any common name as a password is a dangerous decision,” said Morgan Slain, CEO of SplashData, Inc.“

Every year SplashData evaluate millions of old password from data breaches to determine the weakest passwords.

According to the SplashData almost 10% of the people used one of the most 25 worst passwords on the year’s list and only 3% of people have used the worstpassword, “123456”.

Here is the list of top 25 passwords used in year 2018

  • 123456 (Rank unchanged from last year)
  • password (Unchanged)
  • 123456789 (Up 3)
  • 12345678 (Down 1)
  • 12345 (Unchanged)
  • 111111 (New)
  • 1234567 (Up 1)
  • sunshine (New)
  • qwerty (Down 5)
  • iloveyou (Unchanged)
  • princess (New)
  • admin (Down 1)
  • welcome (Down 1)
  • 666666 (New)
  • abc123 (Unchanged)
  • football (Down 7)
  • 123123 (Unchanged)
  • monkey (Down 5)
  • 654321 (New)
  • !@#$%^&* (New)
  • charlie (New)
  • aa123456 (New)
  • donald (New)
  • password1 (New)
  • qwerty123 (New

“Our hope by publishing this list each year is to convince people to take steps to protect themselves online,” said Morgan Slain, CEO of SplashData, Inc.

Here is the video shows the worst 100 passwords of 2018.

Tips to Stay Safe

  • Use a complex password, enforce strong password policy.
  • Check the password regularly, Use two-factor authentication(2FA) for vital sites like managing an account and Emails, make sure all the passwords are unique.
  • Change the Manufactures default Password that gadgets are issued with before they are conveyed to the IT Department.
  • Configure using password Manager only for your less important websites and accounts.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Dixons Carphone Suffers Massive Data Breach, 5.9 Million Payment Cards & 1.2 Million Personal Data Exposed

37,000 Eir Customer’s Personal Data Exposed as their Company Laptop Stolen

Dell Hacked – Data Breach Exposed Names, Email addresses & Hashed Passwords

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Kali Linux 2025.2 Released: New Tools, Smartwatch and Car Hacking Added

Kali Linux, the preferred distribution for security professionals, has launched its second major release...

Arsen Launches AI-Powered Vishing Simulation to Help Organizations Combat Voice Phishing at Scale

Arsen, the cybersecurity startup known for defending organizations against social engineering threats, has announced...

NIST Releases New Guide – 19 Strategies for Building Zero Trust Architectures

The National Institute of Standards and Technology (NIST) has released groundbreaking guidance to help...

Spring Framework Flaw Enables Remote File Disclosure via “Content‑Disposition” Header

A medium-severity reflected file download (RFD) vulnerability (CVE-2025-41234) in VMware's Spring Framework has been...

Credential Abuse: 15-Min Attack Simulation

Credential Abuse Unmasked

Credential abuse is #1 attack vector in web and API breaches today (Verizon DBIR 2025). Join our live, 15-min attack simulation with Karthik Krishnamoorthy (CTO - Indusface) and Phani Deepak Akella (VP of Marketing - Indusface) to see hackers move from first probe to full account takeover.

Discussion points


Username & email enumeration – how a stray status-code reveals valid accounts.
Password spraying – low-and-slow guesses that evade basic lockouts.
Credential stuffing – lightning-fast reuse of breach combos at scale.
MFA / session-token bypass – sliding past second factors with stolen cookies.

More like this

7 Best Third-Party Risk Management Software in 2025

Whether you operate a small business or run a large enterprise, you rely on...

10 Best Patch Management Tools 2025

In today's digital landscape, maintaining secure and efficient IT systems is critical for organizations....

10 Best Cloud Security Solutions 2025

In today’s digital era, businesses are increasingly adopting cloud computing to store data, run...