Worst passwords of 2016 revealed – and 123456 is STILL top of the list

Analysing all the data breaches from last year turned up some not-so-surprising statistics


And top of the list was “123456” – a six figure password that most hackers could crack in just a few seconds.

Keeper, the password management firm that conducted the research, examined 10 million passwords and, amazingly, 17% of accounts were safeguarded with “123456”.

“Looking at the list of 2016’s most common passwords, we couldn’t stop shaking our heads,” said Darren Guccione, co-founder and CEO of Keeper Security.

“What really perplexed us is that so many website operators are not enforcing password security best practices,” he wrote .

The company says the list of most frequently-used passwords hasn’t changed much over the last few years. Even as high-profile hacks have hit the likes of LinkedIn, Yahoo and Tumblr in the last twelve months alone.

Last year, similar research put “password” as the second most-used password of the year but in 2016 it fell to eighth on the list.

“The presence of passwords like “1q2w3e4r” and “123qwe” indicates that some users attempt to use unpredictable patterns to secure passwords, but their efforts are weak at best,” explained Guccione.

“Dictionary-based password crackers know to look for sequential key variations. At best, it sets them back only a few seconds.

“We can criticize all we want about the chronic failure of users to employ strong passwords. After all, it’s in the user’s best interests to do so. But the bigger responsibility lies with website owners who fail to enforce the most basic password complexity policies.

“It isn’t hard to do, but the list makes it clear that many still don’t bother.

Here’s the complete list of the most-common passwords that were hacked in cyberattacks last year.

  1. 123456
  2. 123456789
  3. qwerty
  4. 12345678
  5. 111111
  6. 1234567890
  7. 1234567
  8. password
  9. 123123
  10. 987654321
  11. qwertyuiop
  12. mynoob
  13. 123321
  14. 666666
  15. 18atcskd2w
  16. 7777777
  17. 1q2w3e4r
  18. 654321
  19. 555555
  20. 3rjs1la7qe
  21. google
  22. 1q2w3e4r5t
  23. 123qwe
  24. zxcvbnm
  25. 1q2w3e

Best practice for creating secure passwords

Considering how much of our information is now stored online, it’s never been more important to make sure it’s secure.

Cyber security firm Sophos has given some top tips about creating a secure password that can be applied to everything from your email to your Netflix account.


  • Use a password phrase and make it relevant. If you’re joining a crossword site, think “knot my pencil” and write it something like this: Kn0tmyP3n$il
  • Make it something you can visualize. It’s easier to remember that way
  • Make it more than 10 characters and include capitals, numbers and symbols
  • The more personal the better. For a clothing retail site think “mY5orit3$hirt’sR3d” (my favorite shirt is red)


  • Use names: pets, businesses, family, friends, etc.
  • Use letter or number patterns: 1234, abcd, etc.
  • Use birthdays, addresses, postal or zip codes, even if you add a number or symbol
  • Use less than 10 characters
  • Store them locally or on the Internet


Comments (0)

Leave a comment