The following lists are the worst passwords from 2018-2020 - with the first providing information regarding how long it may take attackers to crack a "weak or bad" password and how many times it has been exposed. We strongly encourage anyone using any listed or similar passwords to change immediately. The resources under "Creating a better password" can assist in creating more secure options.
Image: NordPass
Worst passwords 2018-2020
2018
| 123456 |
| password |
| 123456789 |
| 12345678 |
| 12345 |
| 111111 |
| 1234567 |
| sunshine |
| qwerty |
| iloveyou |
| princess |
| admin |
| welcome |
| 666666 |
| abc123 |
| football |
| 123123 |
| monkey |
| 654321 |
| !@#$%^&* |
| charlie |
| aa123456 |
| donald |
| password1 |
| qwerty123 |
Source: Nordpass and SplashData
2019
| 123456 |
| 123456789 |
| qwerty |
| password |
| 1234567 |
| 12345678 |
| 12345 |
| iloveyou |
| 111111 |
| 123123 |
| abc123 |
| qwerty123 |
| 1q2w3e4r |
| admin |
| qwertyuiop |
| 654321 |
| 555555 |
| lovely |
| 7777777 |
| welcome |
| 888888 |
| princess |
| dragon |
| password1 |
| 123qwe |
Creating a better password
- USNH recommendations for creating a strong password
- Follow the requirements in USNH Password Policy.
- Do not use dictionary words
- Length matters - long passphrases are better than short, complex passwords; and may be easier to remember!
- Do not create passwords with personal information
- Use a password manager to help manage usernames and passwords for multiple applications/sites.
- Use online tools to help determine how safe a potential password might be
- My1login Password Strength test - shows how long it might take to crack a password
- Have I Been Pwned? - compares password against a database of compromised passwords circulating on the dark web
