How weak are your online passwords? New report reveals the worst ten you should never use

New report exposes the ten least secure online passwords Credit: Dominic Lipinski/PA Wire

There were a series of major security breaches in 2014 involving the likes of iCloud, Snapchat and Sony Pictures. Despite these high profile hacks, it seems people online still don't know how to protect themselves with strong enough passwords.

Online security firm SplashData has looked at more than three million passwords that were leaked online in the last year. Its fourth annual 'Worst Passwords' report shows the ones to avoid.

For the fourth year in a row '123456' and 'password' occupy the top spots in the least secure list.


1. 123456 (Unchanged from 2013)

2. password (Unchanged)

3. 12345 (Up 17)

4. 12345678 (Down 1)

5. qwerty (Down 1)

6. 1234567890 (Unchanged)

7. 1234 (Up 9)

8. baseball (New)

9. dragon (New)

10. football (New)

Passwords based on simple patterns on your keyboard remain popular despite how weak they are.

Morgan Slain, SplashData chief executive

Web experts suggest not using a favourite sport, for example 'football' or 'baseball' - both of which make the worst top 10.

Birthdays should also not be used, in particular the year of your birth.

But 'iloveyou' is one of the nine passwords from 2013 to fall off the 2014 list.

And perhaps ironically, 'trustno1' comes in at number 25.

The bad news from my research is that this year's most commonly used passwords are pretty consistent with prior years.

Mark Burnett, online security expert