Google Play password

Believe it or not, following the PRISM scandal, increased cyber-security threats and a growing awareness of just how easy it is to hack a computer or phone, passwords in 2015 actually got worse than in years past. New research from password management software developer SplashData shows that while passwords have gotten longer, they haven’t gotten better.

So what constitutes one of the worst passwords of 2015? Well, perennial favorites “qwerty” and “12345” made the list, as did “1234” and “123456” (which actually took the number one spot). The second position was taken by, you guessed it, “password”.

You may scoff at the idiocy of these ultra-weak passwords, but at least some people were paying attention to the need for longer passwords for added security. This is why the list also included “1234567890” and “qwertyuiop” – the entire top row on a QWERTY keyboard. They get an A for effort, but not for security.

In fact, every number string from “1234” to “1234567890” was in the 12 most popular passwords. So where did this data come from? From over two million leaked passwords shared online by hackers. But it wasn’t all number strings and QWERTY key layout passwords. Some other high-ranking passwords included sports like “football” and “baseball”, which both made the top ten, and animals including “monkey” and “dragon”.

With all the Star Wars hype going on last year, some people were motivated enough to strengthen their passwords by using such unimaginably strong passwords as “starwars” and “solo”. Something tells me the force wasn’t guiding those decisions. Of all the obvious passwords on the list, a couple stand out for at least trying to be good, alpha-numeric passwords: “1qaz2wsx” and “passw0rd” come to mind.

Are you using any of these terrible passwords? If you are, then stop. You’re not fooling anyone. In fact, you should never use number strings – especially not in ascending order – or standard English words. Alpha-numeric passwords with a mix of upper and lower-case letters and symbols are best. Names of pets, birthdays, children’s or partner’s names are all a no-no.

If the prospect of making uncrackable passwords seems too daunting, then why not try a third-party password manager? We’ve recently posted about Enpass and LastPass, plus there’s Dashlane and 1Password to consider. These apps let you create one master password to protect all your other passwords, which you can make as complex as you need because you don’t need to remember them. Just don’t make your master password “starwars”, OK?

For the curious, here are the top 25 worst passwords of 2015, according to SplashData:

  1. 123456
  2. password
  3. 12345678
  4. qwerty
  5. 12345
  6. 123456789
  7. football
  8. 1234
  9. 1234567
  10. baseball
  11. welcome
  12. 1234567890
  13. abc123
  14. 111111
  15. 1qaz2wsx
  16. dragon
  17. master
  18. monkey
  19. letmein
  20. login
  21. princess
  22. qwertyuiop
  23. solo
  24. passw0rd
  25. starwars
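
The weaknesses the article points to (number strings, keyboard rows, plain words and light substitutions such as “passw0rd”) can be caught mechanically when a password is set. The Python check below is an added example, not part of the original article or SplashData's research; the US QWERTY layout, the small wordlist and all function names are assumptions.

```python
import string

# Patterns the article names: number strings and QWERTY rows, plus the keyboard
# columns behind "1qaz2wsx". A US QWERTY layout is assumed.
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
COLUMNS = ["1qaz", "2wsx", "3edc", "4rfv", "5tgb", "6yhn", "7ujm"]
SEQUENCES = ["0123456789", string.ascii_lowercase]
PATTERNS = [p for s in ROWS + COLUMNS + SEQUENCES for p in (s, s[::-1])]

# Constructed mini wordlist (the word entries of the list above); a real
# deployment would load a far larger dictionary or breach corpus.
COMMON_WORDS = {"password", "football", "baseball", "welcome", "dragon", "master",
                "monkey", "letmein", "login", "princess", "solo", "starwars"}

# Undo common character swaps, e.g. "passw0rd" -> "password".
LEET = str.maketrans("013457@$", "oleastas")

# SplashData's 2015 top 25, in the order listed in the article.
WORST_2015 = ("123456 password 12345678 qwerty 12345 123456789 football 1234 "
              "1234567 baseball welcome 1234567890 abc123 111111 1qaz2wsx dragon "
              "master monkey letmein login princess qwertyuiop solo passw0rd "
              "starwars").split()

def is_pattern_walk(s, min_chunk=3):
    """True if s splits entirely into chunks of at least min_chunk characters
    that each run along a keyboard row/column or a digit/alphabet sequence."""
    if not s:
        return True
    for end in range(len(s), min_chunk - 1, -1):
        if any(s[:end] in p for p in PATTERNS) and is_pattern_walk(s[end:], min_chunk):
            return True
    return False

def classify(password):
    """Return why a password is weak, or None if no rule here matches.
    None means 'not caught by these rules', not 'strong'."""
    pw = password.lower()
    if not pw:
        return "empty"
    if len(set(pw)) == 1:
        return "repeated character"
    if is_pattern_walk(pw):
        return "keyboard walk or sequence"
    if pw in COMMON_WORDS:
        return "common word"
    if pw.translate(LEET) in COMMON_WORDS:
        return "substituted common word"
    return None

if __name__ == "__main__":
    for rank, pw in enumerate(WORST_2015, start=1):
        print(f"{rank:2}. {pw:<12} {classify(pw)}")
```

Every entry in the top 25 is rejected by one of the four rules, including the two "alpha-numeric" attempts the article singles out.
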
Kris Carlon
Kris Carlon is a Senior Editor at Android Authority. He is a half-British Australian who lives in Berlin, travels a lot and is always connected to a laptop, phone, smartwatch or tablet (and occasionally a book).
  • candymanal

    That’s funny.
    I didn’t see, the most famous password, for Liberals, listed.
    It’s spelled:

    • quintessentially british

      I’d rather blame Blair

    • smokebomb

      My most common one is: Bushisawarcriminal

    • Frank Bank

      I love Bush

  • s2weden2000

    Aijphoney users use 123456 they just add a number with every version..they don’t know better…

  • Planterz

    12345? That’s amazing! I’ve got the same combination on my luggage!

    • Happy

      So the combination is… one, two, three, four, five? That’s the stupidest combination I’ve ever heard in my life! That’s the kind of thing an idiot would have on his luggage!

    • Frank Bank

      I have it on my locker

  • PC_Tool

    Of course you should use standard English words. Pass-phrases are way more secure – so long as you aren’t an idiot about it.

    Obviously, don’t use: correct horse battery staple. (approval required to link image, apparently – google it)

    Or mine; hockeypuck rattlesnake monkey monkey underpants.


    I can see why people go with stupid passwords. Websites aren’t all the same, some sites don’t allow for the special characters, while some of them make you add a special character to the password.

    I’m genuinely surprised that Baloney1 didn’t make the list

  • peerpressure

    Nice, a password I use is #4 on the list, qwerty. This is my goto for every game on my phone that requires a login. I don’t care enough to create a secure password.

    So, since these are passwords shared from hackers that only encompass 2 million passwords (with the billions of people online, and the hundreds of sites that each person has a login to, 2 million is a very small drop in a bucket). Add that to the fact that there are tons of websites out there that have minimal security, which means you don’t want to use one of your secure passwords for them.

    So sure, probably a few people out there think that 1234567 is going to protect them, but I bet the vast majority of humanity is using these passwords as throwaway ones on insecure websites.

    • PC_Tool

      “This is my goto for every game on my phone that requires a login.”

      (until one of the games scrapes your “secure” password either being stored or transmitted in plain-text)

      • peerpressure

        Still not a problem. So what, they hack my account? They go into one of my past games and check my status? I never buy IAPs, so they don’t have any payment info on there. Not a big deal. And, since it’s already on this list, I don’t really care if it’s transmitted in plain-text.

        • PC_Tool

          I think you mis-read. In the scenario outlined, the game would have gotten a hold of your “secure” password – say for your bank or some other site you deem important enough for a “secure” password.

          Point being having an insecure password at all makes any of your others less secure.

          It may not change your mind, and isn’t really intended to – just a heads-up.

  • Frank Bank

    my home alarm system code is help