​The 25 worst passwords of 2014: Is yours one of them?


It's arguably the easiest, most basic way to protect your personal information. Yet people still don't make the effort to create strong passwords to log in to social media, email, stores and other websites. From its annual compilation of 3.3 million passwords leaked online, SplashData has pulled the 25 most common -- and therefore least secure -- not-so-secret codes.

Topping the list? For the fourth year running: "123456" and "password." Might as well just write, "Hackers, come get me." (Actually, that would be more secure.)

The 100 worst passwords include easy series of letters and numbers in alphabetical or numerical order, or as they appear on the keyboard (e.g. "qwerty" and "1qaz2wsx," the first two semi-columns of keys), favorite sports and sports teams and less than clever phrases like "letmein," "access," and, ironically, "trustno1."

"Passwords based on simple patterns on your keyboard remain popular despite how weak they are," said Morgan Slain, CEO of SplashData. "Any password using numbers alone should be avoided, especially sequences. As more websites require stronger passwords or combinations of letters and numbers, longer keyboard patterns are becoming common passwords, and they are still not secure."

This year's list also reveals that millennials, who were raised on the Internet and ought to know better, have some bad habits to contribute. SpashData found that many people use their birth year as their password -- and 1989, 1990, 1991 and 1992 are all in the top 100.

"The bad news from my research is that this year's most commonly used passwords are pretty consistent with prior years," said security expert Mark Burnett, who collaborated on the list. "The good news is that it appears that more people are moving away from using these passwords. In 2014, the top 25 passwords represented about 2.2 percent of passwords exposed. While still frightening, that's the lowest percentage of people using the most common passwords I have seen in recent studies."

Maybe we're finally learning. But there's a lot of room for improvement.

With that in mind, here is SplashData's full list of the 25 worst passwords of 2014, and how they rank compared to last year:

1. 123456 (Unchanged from 2013)

2. password (Unchanged)

3. 12345 (Up 17)

4. 12345678 (Down 1)

5. qwerty (Down 1)

6. 1234567890 (Unchanged)

7. 1234 (Up 9)

8. baseball (New)

9. dragon (New)

10. football (New)

11. 1234567 (Down 4)

12. monkey (Up 5)

13. letmein (Up 1)

14. abc123 (Down 9)

15. 111111 (Down 8)

16. mustang (New)

17. access (New)

18. shadow (Unchanged)

19. master (New)

20. michael (New)

21. superman (New)

22. 696969 (New)

23. 123123 (Down 12)

24. batman (New)

25. trustno1 (Down 1)

  • Amanda Schupak

    Amanda Schupak is the science and technology editor at CBSNews.com