Password Security – The 25 most common passwords of 2018


Password security is a cornerstone of most of the security systems we use to protect our data. Whether it's PIN codes for debit cards, passwords for social media sites, or the codes we use to unlock our phones, passwords are everywhere.

Each year, SplashData releases a list of the 25 most commonly used passwords for that year. This year, it seems our password security is not much better than in previous years.

Each year, SplashData takes the millions of leaked passwords online and evaluates them to determine which passwords were most commonly used in that year. By looking at so many password leaks, they are able to create the list below.

The importance of password security and the risks of using poor passwords are well known. However, millions of people continue to use weak passwords for their online activities. The most common reason is that passwords are hard to remember and inconvenient to use. The worst part is that many people will use the same password over and over for every site they visit. This means that if an attacker is able to breach one account, they can use the same password to get into others, such as Facebook, Gmail, or Amazon.

According to SplashData, almost 10% of users have used at least one of the 25 worst passwords on this year’s list. Nearly 3% of users have used the worst password, 123456.

Here is the 2018 list of most commonly used passwords.

1. 123456 (Unchanged)

2. password (Unchanged)

3. 123456789 (Up 3)

4. 12345678 (Down 1)

5. 12345 (Unchanged)

6. 111111 (New)

7. 1234567 (Up 1)

8. sunshine (New)

9. qwerty (Down 5)

10. iloveyou (Unchanged)

11. princess (New)

12. admin (Down 1)

13. welcome (Down 1)

14. 666666 (New)

15. abc123 (Unchanged)

16. football (Down 7)

17. 123123 (Unchanged)

18. monkey (Down 5)

19. 654321 (New)

20. !@#$%^&* (New)

21. charlie (New)

22. aa123456 (New)

23. donald (New)

24. password1 (New)

25. qwerty123 (New)

Password Security Rules

Password security is composed of three parts. These are:

  • Password length – how long is your password?
  • Password complexity – does it use upper and lower letters, numbers and punctuation?
  • Password uniqueness – is your password a word that will appear in any type of dictionary? Foreign language words don’t help with this as attackers have dictionaries for foreign languages.

Password length is the number of characters that make up the password. Longer is better for passwords. Consider using more than 12 characters.


Password complexity refers to which kinds of characters are used: uppercase letters, lowercase letters, numbers, and special characters like punctuation. Examples include ~!@#$%^&*()<>?"':;
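The following Python sketch is an added example, not part of the original post: it checks a candidate password against the three rules above, using the 2018 list as a stand-in dictionary. The function names, the requirement for all four character classes, and the stripping of trailing digits and punctuation before the list lookup are assumptions made for illustration.

```python
import string

# The 25 passwords from the 2018 list above, used here as the "dictionary".
COMMON_2018 = {
    "123456", "password", "123456789", "12345678", "12345", "111111",
    "1234567", "sunshine", "qwerty", "iloveyou", "princess", "admin",
    "welcome", "666666", "abc123", "football", "123123", "monkey",
    "654321", "!@#$%^&*", "charlie", "aa123456", "donald", "password1",
    "qwerty123",
}
MIN_LENGTH = 13  # "more than 12 characters"
ALL_CLASSES = {"lower", "upper", "digit", "special"}  # assumption: require all four


def character_classes(password):
    """Return the set of character classes that appear in the password."""
    classes = set()
    for ch in password:
        if ch.islower():
            classes.add("lower")
        elif ch.isupper():
            classes.add("upper")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("special")
    return classes


def check_password(password):
    """Return the list of rules the password breaks; an empty list means none."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("length")
    if ALL_CLASSES - character_classes(password):
        problems.append("complexity")
    # Uniqueness: compare case-insensitively, and again after removing trailing
    # digits and punctuation, so "Sunshine2018!" is still matched to "sunshine".
    lowered = password.lower()
    stem = lowered.rstrip(string.digits + string.punctuation)
    if lowered in COMMON_2018 or stem in COMMON_2018:
        problems.append("uniqueness")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ("123456", "Sunshine2018!", "tR7#vq!Lm2@zKp9w"):
        print(candidate, check_password(candidate))
```

The second sample meets the length and complexity rules yet is only a decorated version of a listed password, which is why uniqueness has to be checked separately.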

If you would like a complete guide on how to make an uncrackable password, please read our report here.

Lastly, consider using a password manager like LastPass. LastPass will create random, complex passwords for each of your sites. It will store them securely for you and then when you log into a site, LastPass will put the passwords in for you. This way, you can use very secure, random passwords for each site.