Blog Blog

IDT911 is the nation’s premier consultative provider of identity and data risk management, resolution and education services.

123456 and Other Passwords on the Worst List of 2015

123456 and Other Passwords on the Worst List of 2015
January 21, 2016
Comments [0]

By Jeanine Skowronski

Despite all of the data breaches and scams that have proliferated over the last few years, we sure love our bad passwords.

For the fifth year in a row, “123456” and “password” topped password manager provider SplashData’s annual “worst passwords” list. Its latest version was compiled from more than 2 million leaked passwords mostly held by users in North America and Western Europe during the year. New and notable entrants include “starwars,” “solo” and “princess”  — undoubtedly tied to the massively successful debut of Star Wars: The Force Awakens this year.

Meanwhile, other repeat offenders were “dragon” (No. 16), “111111” (No. 14), and “letmein” (No. 19).

Of course, it wasn’t all bad news on the password front this year, as SplashData notes that websites and users were at least trying to be a bit more secure by lengthening their terrible passwords.

“For example, ‘1234567890’, ‘1qaz2wsx’ (first two columns of main keys on a standard keyboard), and ‘qwertyuiop’ (top row of keys on a standard keyboard) all appear in the top 25 list for the first time,” SplashData wrote in a press release, before pointing out that “they are each based on simple patterns that would be easily guessable by hackers.”

The top 10 worst passwords of 2015 are:

  1. 123456
  2. password
  3. 12345678
  4. qwerty
  5. 12345
  6. 123456789
  7. football
  8. 1234
  9. 1234567
  10. baseball

How to Set Strong Passwords

Strong passwords are important because they help keep hackers from getting into important accounts and/or getting a hold of sensitive personal information that can be used to steal your money or, worse, your identity. A strong password generally mixes letter, numbers and special characters, uses both upper- and lowercase letters and is at least 10 characters long. They also don’t include your name, birthdate, common words, simple pop culture references (ahem, The Force Awakens) or any information (like, say, the name of your dog or cat) that can be easily found on social media.

Remember, it’s also in your best interest to change passwords often and to refrain from using the same one across accounts. Plus, if you have any reason to believe your personal or payment information has been compromised, you should keep a close eye on your financial accounts and your credit report. You can do the latter by pulling your credit reports for free each year at and viewing your two free credit scores each month on Signs your identity has been stolen include a sudden drop in credit scores, mysterious lines of credit you’ve never opened and unfamiliar addresses.

This article originally appeared on

Offer 24/7 IDT911 Protection

IDT911's partnership options help you safeguard the identity and privacy of your policyholders, customers, members and employees. Discover how a customized program can help build brand loyalty, member retention, and quickly generate long-term recurring revenue.

Let's Get Started