Top 10 Worst Passwords You Should Never Use

Dennis Faas's picture

According to a recent report, most users still haven't answered the call by security experts to implement more robust passwords. In fact, in a list of the most easy to hack passwords, simply typing '123456' took a truly forgettable top prize.

Security firm Imperva this week released its list of the passwords most likely to be hacked based on 32 million instances of successful hacking. Imperva named their report "Consumer Password Worst Practices," and some of the entries near the top are truly simple.

Worst Password Practices

The top three passwords all included the simple streaming of numbers: first '123456' followed by '12345' and then '123456789'. Similar entries reappeared at eight and nine on a top ten list. However, the fourth most-hacked password was actually just the word 'Password' followed by 'iloveyou' and 'princess' at spots five and six. (Source:

What the report shows is that people still aren't using effective strategies to protect their sensitive information online. Using these kinds of passwords to protect your email account or, worse yet, banking information, could lead to theft or identity fraud.

Top 10 Worst Passwords

The following is a list of the most predictable passwords, and should not be used under any circumstances (Source:

  1. 123456
  2. 12345
  3. 123456789
  4. Password
  5. iloveyou
  6. princess
  7. rockyou
  8. 1234567
  9. 12345678
  10. abc123

Passwords Too Short, Simple

Other key findings in the report: it seems that almost 1 in 3 users choose passwords comprised of six or fewer characters; more than half use passwords based on only alpha-numeric characters; and almost 50 per cent used variations on their name, popular slang terms, or simple strings of consecutive characters from the average QWERTY keyboard -- such as 'asdfg'.

Imperva has made several obvious recommendations, suggesting most users adopt passwords with at least eight characters and to mix those characters between upper and lower case letters, numbers, and symbols. Obviously the passwords should be simple enough that they won't be too easily forgotten, but the idea is to make cracking the code virtually impossible for either an unknown or known hacker.

Rate this article: 
No votes yet