It’s impossible to make a perfect password. I’m sorry to be the bearer of bad news. Even if your password is completely randomized and unguessable, it’s still vulnerable to data breaches, phishing schemes and man-in-the-middle attacks.
At the very least, we can agree that some passwords are better than others. And if you’re using one of the 50 worst passwords according to TeamsID, you might want to change it sooner rather than later.
TeamsID, an enterprise security firm located in Los Gatos, California, wrote a blog post highlighting “The Top 50 Worst Passwords of 2019,” with a few shout-outs to a handful of clunkers from the rest of the top 100. All of the usual suspects are here, such as “password” and “123456,” but it’s worth noting that there are fewer pop-culture references than usual this time around.
(This should go without saying, but if you see your password anywhere on this list, you should change it right away — on every account that uses it. Make sure you don't use a new password more than once.)
Since TeamsID did not reveal its methodology in ranking these passwords, we can’t say definitively what makes them the “worst.” However, it’s easy enough to guess: These passwords are common, easy-to-guess and generally just contain numbers and lower-case letters.
No one deserves to be hacked, but if you use one of these passwords, you’re certainly not making it very difficult for online malefactors.
First and foremost, here are the top 10 worst choices:
- 12345
- 123456789
- qwerty
- password
- 1234567
- 12345678
- 12345
- Iloveyou
- 111111
- 123123
I don’t think I have to explain why those are all terrible choices.
Things are pretty straightforward as you get further down the list, too. “admin” crops up, as do “777777,” “letmein,” “passw0rd” and “zxcvbnm.” “secret,” “shadow” and “football” all make their annual appearances, as do a few common names. (“charlie,” “michael” and “donald,” notably.)
One thing that disappointed me, personally, was that “starwars” did not make the top 50 cut this time around. It was relegated instead to #79. That means I will not be able to make my annual Star Wars vs. Star Trek password joke, and I apologize on behalf of the entire Tom’s Guide staff.
On the other hand, “dragon” clocked in at #23, while "princess" ranked just slightly higher at #22. Someone is still enjoying fantasy stories, at least.
Regardless of how TeamsID compiled the list, it’s the same lesson as always: Some passwords are really easy to guess, and the harder it is to guess yours, the better.
One of the best password managers can help with this; so can using a different password for every service you have online. Even if you want to go old-school, a piece of paper with dozens of passwords written down is still more secure than one excellent, reused password that got exposed in a data breach at some point.
