Skip to main content
  1. Home
  2. Computing
  3. News

These are the worst passwords of 2018. Is yours on this list?

By

Despite warnings by security experts and repeated breaches, it appears that some internet users have not updated their passwords to a more secure one. SplashData, the company that makes password manager SplashID, studied more than 5 million leaked passwords from recent breaches and found that many of the commonly used passwords on the list are commonly used bad passwords from previous years, like “123456,” “password,” “admin,” and “abc123.”

Making it into the top 25 for bad passwords this year are “donald,” “princess,” and “sunshine.” If you’re guilty of using one of the offending passwords on SplashData’s 100 top worst passwords list of 2018, it’s time to get more creative.

Recommended Videos

Using simple, easy to guess, or a commonly used bad password make your account more susceptible to hacking, which can lead to financial fraud or having your personal information exposed or leaked. Here are the top 10 bad passwords for the year, but you can see the complete list of 100 bad passwords for 2018 from SplashData:

  1. 123456
  2. password
  3. 123456789
  4. 12345678
  5. 12345
  6. 111111
  7. 1234567
  8. sunshine
  9. qwerty
  10. iloveyou

For starters, users can use a password manager to collect their passwords securely in one place. Some popular ones include SplashData’s SplashID, LastPass, and 1Password. In addition to securely storing your passwords, many password managers can also dynamically generate unique, strong passwords when you need to create a new site login or update an existing credential. With a unique password, if one site gets breached, your other credentials wouldn’t be affected.

For banking, Gmail, social media profiles, and other important websites, you can also add multi-factor or two-factor authentication. In addition to requiring a username and password, an additional authentication factor, like a six- or eight-digit passcode, must be used to log in These codes are either sent to you via text message or can be obtained through an authentication app.

Another way to make your password great again is to use an inexpensive hardware-based security key. Prior to releasing its own Titan USB key, Google claimed that when it started internal testing by requiring its employees to use a hardware key in 2017, it saw zero incidents of phishing attacks. With multi-factor authentication, even if an attacker has your login credentials, they wouldn’t be able to access your account without having a hardware key, a passcode sent to your phone, or a unique code that’s generated with an authentication app. Once linked to your account, the hardware keys will work with Windows, Macs, and smartphone devices over USB, USB-C, Bluetooth, or NFC connections, depending on the variant of the key.

Editors' Recommendations

Topics
Chuong Nguyen
Chuong Nguyen
Former Digital Trends Contributor
Silicon Valley-based technology reporter and Giants baseball fan who splits his time between Northern California and Southern…
Update your Apple devices now to fix these dangerous exploits
A person using a laptop with a set of code seen on the display.

If you’re an Apple user -- whether you have a Mac, an iPhone, an iPad, or an Apple Watch -- you need to update your devices as soon as possible. That’s because Apple has discovered three actively exploited vulnerabilities that could cause your devices serious harm, and the patches are already out to fix them.

One of the bugs was found in Apple’s Security framework and would allow a malicious app to completely bypass a device’s signature validation. Another bug concerns the WebKit browser engine and could grant a threat actor the ability to run arbitrary code when a victim views a certain web page.

Read more
This massive exploit lets hackers breach apps like Chrome, 1Password, and Telegram
A dark mystery hand typing on a laptop computer at night.

A massive security bug has just been discovered that affects WebP images used in untold numbers of websites and apps, and it could potentially let hackers break into your computer and extract data from it. In fact, Google has already seen it being actively exploited in the wild. Because of that, it’s essential that you patch your computer as soon as possible.

The discovery has been detailed by researcher Alex Ivanovs, who wrote about the bug in a blog post. Right now, it seems to affect almost all of the best web browsers, including Chrome, Firefox, Edge, and Brave. WebP images are used all over the web, meaning huge numbers of sites and apps could be affected.

Read more
This dangerous new Mac malware steals your credit card info
A hacker typing on an Apple MacBook laptop while holding a phone. Both devices show code on their screens.

People like to think that Apple’s Macs are more or less invulnerable to the assorted viruses and trojans that afflict Windows PCs, but that’s far from the truth. That’s just been aptly demonstrated by the emergence of a new malware strain that attempts to steal all of your passwords, credit card data, and more.

The discovery was made by security firm SentinelOne, which named the malware MetaStealer. According to SentinelOne, MetaStealer has the potential to trick you into giving away vital information that could cause a huge amount of damage, and it has a nefarious way of getting what it wants.

Read more