New in OS X: Get MacRumors Push Notifications on your Mac

Resubscribe Now Close

'123456' Named 2014's Worst Password of the Year

Despite the multitude of password management apps that are available, like 1Password and LastPass, many people continue to use easily guessable words and number strings to protect their sensitive information.

One of the most popular passwords in 2014, for example, was "123456," according to a list of leaked 2014 passwords gathered by SplashData (via Re/code). The second most used password was "password," followed by "12345," "12345678," and "qwerty." Both "123456" and "password" have also been popular in past years, ranking as the top two most commonly used passwords in 2013.

Similar number strings were the sixth and seventh most popular 2014 passwords, followed by the words "baseball," "football," and "dragon."

"Passwords based on simple patterns on your keyboard remain popular despite how weak they are," said Morgan Slain, CEO of SplashData. "Any password using numbers alone should be avoided, especially sequences. As more websites require stronger passwords or combinations of letters and numbers, longer keyboard patterns are becoming common passwords, and they are still not secure."
To get its list of the worst passwords in 2014, its fourth annual year of collecting password data, SplashData looked at more than 3.3 million passwords that were leaked across 2014. Passwords came primarily from users in North America and Western Europe.

Based on the data that it gathered, SplashData recommends against using keyboard sequences like "1qaz2wsx" or "qwertyuiop," and it advises users not to use a favorite sport. Baseball and football made the top 10 list of most common passwords, while hockey, soccer, and golfer were in the top 100. Team-based passwords like Yankees, Eagles, Steelers, Rangers, and Lakers also made the top 100 list.

Birthdays and birth years are also not recommended, nor are names, with common monikers like Michael, Jennifer, Thomas, and Jordan listed within the top 50 most commonly used passwords. Swear words, phrases, hobbies, athletes, car brands, and film names were also heavily featured in SplashData's top 100 list.

Using a password management app like SplashID, 1Password, or LastPass is highly recommended, to generate random passwords that are used for a single site and that are more secure than self-generated words, numbers, and phrases.

Widely publicized data leaks across 2013 and 2014 seem to have spurred more people to choose stronger passwords, as the top 25 passwords represented just 2.2 percent of passwords exposed. Along with the well-known iCloud breach, many companies including Home Depot, Target, and Staples saw major data leaks.

Top Rated Comments

(View all)

61 months ago

This article just posted every single one of my passwords!
Rating: 39 Votes
61 months ago
totally related to Apple/Mac somehow.
Rating: 18 Votes
61 months ago
Damn, now I need to change the combination on my luggage!
Rating: 17 Votes
61 months ago
The combination is 1...2...3...4...5?

That's the kind of thing an idiot would have on his luggage!

Edit: stiligfox's Schwartz is slightly bigger than mine...
Rating: 13 Votes
61 months ago
I see 1234567 isn't on there... my new password!
Rating: 13 Votes
61 months ago
Really! After all the media attention surrounding hacked accounts etc, people are still using such ridiculous passwords, there's no helping some individuals. :rolleyes:
Rating: 9 Votes
61 months ago

Here are some examples of 3, 4, and 5 word phrases to give you an idea.
(In this variant, I put dashes between words and capitalize the first letter -- these are mainly to satisfy common password restrictions and don't change the strength of the password a lot.

XKCD: Password Strength (

It has been implemented here: (
Rating: 9 Votes
61 months ago
'Not Locking the Car Door' Named Worst Car Locking Strategy
Rating: 7 Votes
61 months ago
This is why I always use 654321 instead. Gets them every time.
Rating: 7 Votes
61 months ago

It's time we abandon the whole password idea. People simply can't remember and won't be bothered to enter anything long enough and random enough to be secure. We need to go to something else. Biometrics is OK but if it's hacked how do you change your fingerprint. We need some other way to assure that whoever is trying to access systems are in fact the people who should be accessing them.

The password concept is obsolete.

If password managers like lastpass and 1password were not available, I would agree with you. But those apps are so good and so easy to use that there's really no excuse not to have long, random, unique passwords for every site.
Rating: 5 Votes

[ Read All Comments ]