The worst online passwords of 2013 (and how to create a secure one)

Industry News & Insights The worst passwords of 2013

It turns out that a lot of us are still using terrible passwords for our online accounts, and that makes our information vulnerable to attacks. If your password is one of these, change it now.

Yesterday SplashData, the online information security management company released its annual list of the worst, most obvious or overused passwords of the year.

Perhaps since using 12345678 as a password made the 2012 list of poor choices, this year many folks have tried to fool the hacker community by making their password 123456789 instead. The previous year’s worst password of all, “password” has fallen to second place on the 2013 list.

Weak passwords include keyboard patterns such as qwerty or 111111. Phrases such as iloveyou or letmein also make poor choices. Security experts suggest using combinations of letters, numbers and symbols. However according to SplashData, even numberic substitutions such as “dr4mat1c” can be vulnerable to hackers’ increasingly advanced software.

While completely random combinations like “j%7K&yPx$” can be hard to hack, they are also very difficult to remember. A password that is so complicated that you can’t remember it yourself isn’t very useful either.

SplashData recommends one way to create more secure passwords that are hard to guess but easy to remember is to use short words with spaces or other characters separating them. Rather than using common phrases, they suggest using random words such as , “cakes years birthday” or “smiles_light_skip?”

You should also avoid using the same password for multiple accounts. Keep your online banking password far removed from your Facebook and Twitter sign-in credentials.

Said SplashData’s CEO, Morgan Slain, “We hope that with more publicity about how risky it is to use weak passwords, more people will start taking simple steps to protect themselves by using stronger passwords and using different passwords for different websites.”

The Worst Passwords of 2013

    1. 123456
    2. password
    3. 12345678
    4. qwerty
    5. abc123
    6. 123456789
    7. 111111
    8. 1234567
    9. iloveyou
    10. adobe123
    11. 123123
    12. admin
    13. 1234567890
    14. letmein
    15. photoshop
    16. 1234
    17. monkey
    18. shadow
    19. sunshine
    20. 12345
    21. password1
    22. princess
    23. azerty
    24. trustno1
    25. 000000

This annual list is compiled from the millions of stolen passwords that end up been made public throughout the year. Does one of them look too familiar? Click here to visit your Workopolis account and update your password.


Peter Harris
Peter Harris on Twitter

  • TheWorld

    I’m curious to how more than half of these exist when password strength verification is in place of almost all set ups now-a-days?!

  • Dario

    If it is a password, how do they know which are commonly used and the amount of people using those?
    I thought it was supposed to be a secret, right?

    • Paul Holt

      “SplashData’s top 25 list was compiled from files containing millions of stolen passwords posted online during the previous year. The company advises consumers or businesses using any of the passwords on the list to change them immediately.”