Skip to main content

From abc123 to qwerty, the worst passwords of 2019 have been revealed

worst passwords 2019
(Image credit: ShutterShock)

It may be the season for giving, but that doesn’t stop hackers from taking valuable personal information. 2019 featured more than its fair share of data privacy scandals and large-scale leaks, but some still aren’t playing it safe when it comes to picking a password.

Security services firm SplashData has released its annual list of the Worst Passwords of the Year. This is determined by evaluating more than 5 million leaked passwords and ranking those which feature most often. 

The ever-popular ‘password’ has fallen to fourth on this year’s list, with ‘123456’ keeping its top spot. Rising two places to eighth place, ‘iloveyou’ remains a popular password choice. A cute way to make a hacker’s day, but it’s maybe worth spreading the love in different, more secure ways in 2020.

 Here’s the list of SplashData’s worst passwords of 2019:  

  1. 123456 (rank unchanged from 2018) 
  2. 123456789 (up 1) 
  3. qwerty (Up 6) 
  4. password (Down 2) 
  5. 1234567 (Up 2) 
  6. 12345678 (Down 2) 
  7. 12345 (Down 2) 
  8. iloveyou (Up 2) 
  9. 111111 (Down 3) 
  10. 123123 (Up 7) 
  11. abc123 (Up 4) 
  12. qwerty123 (Up 13)  
  13. 1q2w3e4r (New) 
  14. admin (Down 2) 
  15. qwertyuiop (New) 
  16. 654321 (Up 3) 
  17. 555555 (New) 
  18. lovely (New) 
  19. 7777777 (New) 
  20. welcome (Down 7) 
  21. 888888 (New) 
  22. princess (Down 11) 
  23. dragon (New)  
  24. password1 (Unchanged) 
  25. 123qwe (New) 

If you’ve seen your password on the list, you’re not alone. According to SplashData, almost 10% of people have used at least one of the passwords on this year’s list. 

 How do I make my password more secure? 

SplashData has suggested some simple tips to protect yourself from online hackers. Be sure to use passphrases of twelve characters or more with mixed types of characters, and have a different password for each of your logins. This limits the damage if a hacker does get hold of one of your passwords. 

When setting a password, don’t use personal information like the name of a relative or pet. This information is often available on social media, which could help a hacker to access your account. 

It’s also worth changing passwords regularly. This can be a bit of a hassle but you can make it easier by simply capitalising the next letter in a sequence, or adding the year to the end. 123qwe becomes 123qwe2020, for example. Still a terrible password, but that extra bit longer and more complex.