Cyber attacks are becoming more common than ever before. Each person may be unique, but their personal data is not. This commodity is wheeled and dealed from the smallest comprise to the largest data breaches.

Despite the hacks not being someone’s fault (usually), the part you can control is your password and account security. Despite all the warning signs, many of us prefer the convenience of something easy to remember. The trade off is, of course, your passwords are far easier to guess.

Since 2011, SplashData has released its annual popular passwords of the year. SplashData looked at the more than 2 million leaked passwords and analyzed the most common and least secure of them.

Most Common Passwords of 2015 by SplashData

Here’s SplashData’s full list. To keep your passwords secure, you definitely shouldn’t use any of the phrases on SplashData’s list.

The numbers in parentheses denote the position change in the password list. New refers to a new position on the list, 0 refers to the same position (unchanged), positive numbers mean the entry has gone up, and finally, a negative number means the entry went down the list.

  1. 123456 (0)
  2. password (0)
  3. 12345678 (1)
  4. qwerty (1)
  5. 12345 (-2)
  6. 123456789 (0)
  7. football (3)
  8. 1234 (-1)
  9. 1234567 (2)
  10. baseball (-2)
  11. welcome (New)
  12. 1234567890 (New)
  13. abc123 (1)
  14. 111111 (1)
  15. 1qaz2wsx (New)
  16. dragon (-7)
  17. master (2)
  18. monkey (-6)
  19. letmein (-6)
  20. login (New)
  21. princess (New)
  22. qwertyuiop (New)
  23. solo (New)
  24. passw0rd (New)
  25. starwars (New)

Comparison of the Most Common Passwords from 2011 to 2015 by SplashData

Since 2011, SplashData has published a list of the 25 most common passwords each year. The list is based on data examined from millions of passwords leaked in data breaches, mostly in North America and Western Europe, year over year.

SplashData Most Common Passwords 2011-2015

Most Common Passwords of 2015 Observations

There you have it. There are 8 new entries to the last from last year, including “starwars.” The top 2 passwords of “123456” and “password” topped the list. Other single words like “monkey,” “dragon,” “solo,” and “princess” also placed in the top 25.

An interesting development shows “1qaz2wsx” and “qwertyuiop” which might look like more of a secure password until you see the keyboard pattern. The first password comes from the first two columns of the keyboard, and the latter comes from the top row of letters on the keyboard from left to right.

“We have seen an effort by many people to be more secure by adding characters to passwords, but if these longer passwords are based on simple patterns they will put you in just as much risk of having your identity stolen by hackers.”

Morgan Slain, SplashData CEO

SplashData recommends using eight digits or longer passwords with all character types – uppercase letters, lowercase letters, numbers, and symbols. They also recommend using a different username and password combination for different websites and using a password manager to not only protect your passwords but also help you generate secure passwords (that you will never remember – but that’s what a password manager is for).

SplashData hopes this annual list helps educate people on what’s commonly used so they can start thinking more deeply about their password strategy and start changing bad passwords. Unfortunately, after 5 years of consistent results, people aren’t responsive to that message.

Additional Sources: