The worst passwords of 2015

Every year we have studies showing the worst, unimaginative and insecure passwords that people routinely use (and recycle) across their digital life. This year is no different.

In January 2016, SplashData, a developer of password management software, released its fifth annual “Worst Passwords List” which shows that people are continuing to put themselves at risk.

While longer passwords made their debut on this year’s list of the most commonly used passwords, SplashData says they are not necessarily more secure.

We can be sure that the list is representative, given that it is compiled from more than 2 million leaked passwords from 2015.

So what made the cut?

Two of the usual suspects top the list: “123456” and “password” followed by:

3. 12345678

4. qwerty

5. 12345

6. 123456789

7. football

8. 1234

9. 1234567

10. baseball

11. welcome

12. 1234567890

13. abc123

14. 111111

15. 1qaz2wsx

16. dragon

17. master

18. monkey

19. letmein

20. login

21. princess

22. qwertyuiop

23. solo

24. passw0rd

25. starwars

The experts (including SplashData) offers the following tips to help people protect themselves:

  • Use passwords or passphrases that are suitably long (12 characters or more, ideally) and with mixed types of characters
  • Avoid using the same password on different websites
  • Use a password manager to organize and protect passwords, generate random passwords, and automatically log into websites

Join Whitehall Media at our upcoming IDM Europe conference on 23 March 2016 in Amsterdam where we discuss the latest trends in the Identity and Access Management space. To register please go to