The 25 Most Popular Passwords of 2015: We're All Such Idiots

It's 2016 and you may have thought we'd all be a little older and wiser than this time last year. But as you read this list of 2015's most popular passwords, you will shake your head, mumble unmentionables and reach the firm conclusion that, no, we are in fact all still complete and utter morons. Every year, SplashData compiles a list of the millions of stolen passwords made public throughout the last twelve months, then sorts them in order of popularity. This year the results, based on a total of over 2 million leaked passwords, are not the list of random alpha-numeric characters you might hope for. Rather, they're a lesson in exactly how not to choose a password.

Yes, "123456" and "password" remain bewilderingly popular.

But anyway, without further ado, here's the list, direct from SplashData. Brace yourselves.

1. 123456 (Unchanged)

2. password (Unchanged)

3. 12345678 (Up 1)

4. qwerty (Up 1)

5. 12345 (Down 2)

6. 123456789 (Unchanged)

7. football (Up 3)

8. 1234 (Down 1)

9. 1234567 (Up 2)

10. baseball (Down 2)

11. welcome (New)

12. 1234567890 (New)

13. abc123 (Up 1)

14. 111111 (Up 1)

15. 1qaz2wsx (New)

16. dragon (Down 7)

17. master (Up 2)

18. monkey (Down 6)

19. letmein (Down 6)

20. login (New)

21. princess (New)

22. qwertyuiop (New)

23. solo (New)

24. passw0rd (New)

25. starwars (New)

There are some interesting trends, if you can get beyond the sheer stupidity for a moment. Sports-based passwords are still popular, with "football" and "baseball" both ranking highly, and so are those inspired by a certain blockbuster film, with "starwars" and "solo" making an appearance.

It's also nice to see the return of "princess", which dropped out of the Top 25 last year but has made a resurgence, also potentially due to Star Wars. Elsewhere, other new entries -- including "welcome", "login" and "passw0rd" -- are just as hackable but far more amusingly dumb.

You can check out the lists from 2013 and 2014 if you don't hate humanity and the internet enough already.

Now is the point at which we should provide some advice about how to create a strong password. But here's the best piece of advice we have: let's all stop being such bloody idiots.

    What this tells us is that people hate passwords and will put in the easiest ones they can do. We need a different system than passwords. They suck, vital but they suck.

    I wonder if "trustno1" will come back this year with the upcoming X Files release...

    Lastpass.....every password is unique and I don't need to remember them. Job done.

      I use lastpass too, but there's no way I'd trust it to a point where I don't back up a list of passwords off network. Dread to think what I'd do if Lastpass crapped itself.

      I tried LastPass, but it doesn't work well if you have many hundreds of passwords.
      They also seem to get hacked too much for my liking.

        Have a listen to the review and info done by Steve Gibson of Gibson Research. Essentially everything is encrypted before it leaves your device so Lastpass never see your unencrypted data and then they further hash it so if Lastpass is hacked, the hackers get nothing useful. The weakest link is a virus or malware on your device.

    There's an argument to be made that it's somewhat irrelevant since these passwords were stolen in data breaches yes? As most are these days. No matter how good your password is, if a server is hacked and all the info stolen, it won't do you much good.
    Also bears asking what these passwords are for: netbanking or one of the 10 billion accounts we all have on every 2 bit website that demands one to use nowadays.

    But yeah, you could at least make a little bit of effort.

    I notice that none of that top 25 has an upper case character in it. So I assume that Password is safe?

    I always use complex passwords which most people reject as "too hard to remember" but they are NOT hard to remember at all! Just type it into a word processor a few times and you will remember it. Just don't save the document you typed it in.

      So you have a different complicated password for every single website that you interact with? Every site that you leave a comment on? Every shop you've spent 50c in?

      The idea that absolutely every site we visit needs an account secured by a password is stupid and while it's the norm we will forever be simple passwords and passwords used across multiple sites.

    Wouldn't the reason "password" is such a high contender because of so many machines' default password is "password" and lots of people leave it as default?

    Honestly why are the creators of the background systems allowing you to input 'password' or somesuch into a password field? Surely you could just restrict dictionary words, sequential numbers etc?

    Or is that too fanciful?
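An added example, not part of the article or of any comment: a registration-time screen that rejects the top 25 above, and shows what happens to case and look-alike variants such as "Password" and sequential numbers. The function names, the substitution table and the keyboard rows are assumptions chosen for illustration.

```python
# Added example: screen a candidate password at registration time.
# Blocklist: the SplashData top 25 quoted in the article above.
TOP_25 = {
    "123456", "password", "12345678", "qwerty", "12345", "123456789",
    "football", "1234", "1234567", "baseball", "welcome", "1234567890",
    "abc123", "111111", "1qaz2wsx", "dragon", "master", "monkey",
    "letmein", "login", "princess", "qwertyuiop", "solo", "passw0rd",
    "starwars",
}

# Assumed look-alike substitutions (not from the article).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})
# Word entries with substitutions undone, so "passw0rd" also blocks "p@ssword".
NORMALISED = {w.translate(LEET) for w in TOP_25 if not w.isdecimal()}
# Assumed keyboard layout: QWERTY letter rows.
KEY_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")


def is_run(s):
    """True for a repeated character or an ascending/descending run."""
    if len(s) < 2:
        return False
    if s.isdecimal():
        # Digits wrap around, so "1234567890" and "0987" count as runs.
        steps = {(int(b) - int(a)) % 10 for a, b in zip(s, s[1:])}
        return steps in ({0}, {1}, {9})
    steps = {ord(b) - ord(a) for a, b in zip(s, s[1:])}
    return steps in ({0}, {1}, {-1})


def screen(password):
    """Return the reason a password is rejected, or None if it passes."""
    lowered = password.casefold()  # "Password" and "PASSWORD" fold to "password"
    if lowered in TOP_25:
        return "on top-25 list"
    if lowered.translate(LEET) in NORMALISED:
        return "variant of top-25 entry"
    if is_run(lowered):
        return "sequential or repeated characters"
    if len(lowered) >= 4 and any(
            lowered in row or lowered[::-1] in row for row in KEY_ROWS):
        return "keyboard row"
    return None
```

A screen like this only catches the listed entries and their close variants; a production check would compare against a much larger breached-password corpus.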

    I personally don't see the problem here. If you want your password to be "password", more power to you. It's your own fault if it gets hacked and you lose everything.

    It makes sense to me that the more people value the contents of an account, the more likely they are to put a secure password on it.

    I guess what I'm saying is, I wish every site I register with didn't have its own arbitrary ruleset for passwords and just let me put in whatever I wanted, no matter how stupid.

    I'm not too concerned if someone hacks my Gizmodo account, so that has an easy generic password I use for all my low security websites which includes 1 digit and 1 uppercase letter; this satisfies pretty much all websites.
    Important ones like my bank account, PayPal, eBay and email have complex unique passwords which I can remember, problem solved!!

