List of Top 25 Worst Passwords of 2018 Based On 5 Million Leaked Passwords

Passwords are the strings of cards used to verify the identity of the user, when the passwords are extracted they are free simple and viable approach to gain access to unapproved individuals accounts.

After evalvating millions of passwords SplashData determines the common passwords used by Internet users during that year. The most terrible password used are “123456” and “password”.

They continue to hold the #1 and #2 spots, respectively, the easily hackable password will put a substantial risk of getting beig hacked.

Also a new password debuted this year list “donald” ranked 23rd position, “Sorry, Mr. President, but this is not fake news – using your name or any common name as a password is a dangerous decision,” said Morgan Slain, CEO of SplashData, Inc.“

Every year SplashData evaluate millions of old password from data breaches to determine the weakest passwords.

According to the SplashData almost 10% of the people used one of the most 25 worst passwords on the year’s list and only 3% of people have used the worstpassword, “123456”.

Here is the list of top 25 passwords used in year 2018

  • 123456 (Rank unchanged from last year)
  • password (Unchanged)
  • 123456789 (Up 3)
  • 12345678 (Down 1)
  • 12345 (Unchanged)
  • 111111 (New)
  • 1234567 (Up 1)
  • sunshine (New)
  • qwerty (Down 5)
  • iloveyou (Unchanged)
  • princess (New)
  • admin (Down 1)
  • welcome (Down 1)
  • 666666 (New)
  • abc123 (Unchanged)
  • football (Down 7)
  • 123123 (Unchanged)
  • monkey (Down 5)
  • 654321 (New)
  • !@#$%^&* (New)
  • charlie (New)
  • aa123456 (New)
  • donald (New)
  • password1 (New)
  • qwerty123 (New

“Our hope by publishing this list each year is to convince people to take steps to protect themselves online,” said Morgan Slain, CEO of SplashData, Inc.

Here is the video shows the worst 100 passwords of 2018.

Tips to Stay Safe

  • Use a complex password, enforce strong password policy.
  • Check the password regularly, Use two-factor authentication(2FA) for vital sites like managing an account and Emails, make sure all the passwords are unique.
  • Change the Manufactures default Password that gadgets are issued with before they are conveyed to the IT Department.
  • Configure using password Manager only for your less important websites and accounts.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Dixons Carphone Suffers Massive Data Breach, 5.9 Million Payment Cards & 1.2 Million Personal Data Exposed

37,000 Eir Customer’s Personal Data Exposed as their Company Laptop Stolen

Dell Hacked – Data Breach Exposed Names, Email addresses & Hashed Passwords

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Recent Posts

Hack The box “Ghost” Challenge Cracked – A Detailed Technical Exploit

Cybersecurity researcher "0xdf" has cracked the "Ghost" challenge on Hack The Box (HTB), a premier…

12 hours ago

Sec-Gemini v1 – Google’s New AI Model for Cybersecurity Threat Intelligence

Google has unveiled Sec-Gemini v1, an AI model designed to redefine cybersecurity operations by empowering…

12 hours ago

U.S. Secures Extradition of Rydox Cybercrime Marketplace Admins from Kosovo in Major International Operation

The United States has successfully extradited two Kosovo nationals, Ardit Kutleshi, 26, and Jetmir Kutleshi,…

17 hours ago

Ivanti Fully Patched Connect Secure RCE Vulnerability That Actively Exploited in the Wild

Ivanti has issued an urgent security advisory for CVE-2025-22457, a critical vulnerability impacting Ivanti Connect…

2 days ago

Beware! Weaponized Job Recruitment Emails Spreading BeaverTail and Tropidoor Malware

A concerning malware campaign was disclosed by the AhnLab Security Intelligence Center (ASEC), revealing how…

2 days ago

EncryptHub Ransomware Uncovered Through ChatGPT Use and OPSEC Failures

EncryptHub, a rapidly evolving cybercriminal entity, has come under intense scrutiny following revelations of operational…

2 days ago