By now we all know that we’re supposed to make strong passwords, yet it seems that people around the world are content to ignore this advice.

SplashData, an app provider that helps consumers and businesses manage passwords and security,  has created rankings on the most common internet passwords. The list is based on millions of stolen passwords posted online by hackers.

While a lot of the entries on the list are at first quite amusing, it’s worrying to see how common some of the “less obvious” passwords are. Before seeing this list, using “letmein” might have seemed like a cunning ploy…

1. password

2. 123456


4. qwerty

5. abc123

6. monkey

7. 1234567

8. letmein

9. trustno1

10. dragon

11. baseball

12. 111111

13. iloveyou

14. master

15. sunshine

16. ashley

17. bailey

18. passw0rd

19. shadow

20. 123123

21. 654321

22. superman

23. qazwsx

24. michael

25. football


It only takes a moment, so there’s no reason not to keep yourself protected. Here are some password does and don’t to help you stay safe online.


  • Use cardinal numbers in order, i.e. ’123456? is not clever.
  • Base a password on personal data, e.g. dog’s name, car registration, your name. Never use your mother’s maiden name or any password that your bank might use.
  • Choose a word found in a dictionary in any language – password dictionaries make these particularly easy to crack in a ‘dictionary attack’.
  • Use simple transformation or substitution, e.g. Pa$$w0rd.
  • Use fewer than 8 characters and solely alpha- or numeric characters.
  • Tick the ‘remember this password’ box.


  • Use a mixture of four keyboard character types – lower case letters, upper case letters, numbers and other special characters such as #, $, -, +, @, ! etc. Unfortunately, some older systems restrict the special characters your can use.
  • Use long passwords of 8 characters or more – the longer the password, the harder it is for hackers to use brute force attacks. However, some older systems don’t allow this and have limits of 8 or 14 characters.
  • Use different passwords of different accounts and change them at least twice per year.
  • Always change default passwords from ‘password’ or ‘admin’.
  • Think illogically; computers rely on logic to operate.
  • Be obtuse, think outside the box, invent new words!