SplashData’s list of the most common passwords for 2014 has security experts urging users to change their passwords.

“123456” and “password” retain their top spots on the list at numbers 1 and 2, respectively. They are then immediately followed by other easily guessable combinations, such as “12345678” at number 4 and “qwerty” at number 5.

Further down the list, passwords such as “monkey,” “letmein,” and “trustno1” have moved either up or down to accommodate newer entries, which include “batman,” “access,” and “mustang.”

Provided below are the first 20 most common passwords of 2014.

1. 123456 No Change
2. password No Change
3. 12345 Up 17
4. 12345678 Down 1
5. qwerty Down 1
6. 123456789 No Change
7. 1234 Up 9
8. baseball New
9. dragon New
10. football New
11. 1234567 Down 4
12. monkey Up 5
13. letmein Up 1
14. abc123 Down 9
15. 111111 Down 8
16. mustang New
17. access New
18. shadow Unchanged
19. master New
20. michael New
21. superman New
22. 696969 New
23. 123123 Down 12
24. batman New
25. trustno1 Down 1

This list represents a continuing gap in password security awareness among general web users. Indeed, as a recent experiment by Jimmy Kimmel Live illustrates, not only do many users today secure their accounts with weak passwords, but they are also willing to reveal their passwords on national television, either via subtle trickery or of their own accord.

You can watch the experiment below:

By contrast, Tripwire’s experiment with attendees at the 2012 RSA Conference went much differently. View it here:

As always, we as information security professionals must urge our co-workers, colleagues, and clients to use safe passwords on all of their accounts.

Each of their passwords should follow these suggestions:

  • Be at least 15 characters long.
  • Contain a variety of different characters, including upper and lowercase letters, numbers, and symbols such as ( * $ ] > .
  • Not include first names, last names, or any dictionary-based words.
  • Not be reused on any other account.
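The suggestions above can be enforced at account creation or password change. The following checker is an added example, not part of the original article; `check_password`, `used_elsewhere` and the small `SAMPLE_WORDS` set are hypothetical names and constructed data, and only the 25-entry list comes from this page.

```python
import re

# The 25 most common passwords of 2014, copied from the list in this article.
COMMON_2014 = {
    "123456", "password", "12345", "12345678", "qwerty", "123456789", "1234",
    "baseball", "dragon", "football", "1234567", "monkey", "letmein", "abc123",
    "111111", "mustang", "access", "shadow", "master", "michael", "superman",
    "696969", "123123", "batman", "trustno1",
}
# Constructed sample (assumption): replace with a full dictionary and name list.
SAMPLE_WORDS = {"summer", "winter", "welcome", "admin", "secret", "john", "smith"}
# Undo common character substitutions before the dictionary check.
LEET = str.maketrans("013457@$!", "oleastasi")
CLASSES = {
    "uppercase letter": r"[A-Z]",
    "lowercase letter": r"[a-z]",
    "number": r"[0-9]",
    "symbol": r"[^A-Za-z0-9]",
}

def check_password(candidate, used_elsewhere=(), words=SAMPLE_WORDS):
    """Return the suggestions that `candidate` fails; an empty list means it passes."""
    problems = []
    lowered = candidate.lower()
    normalized = lowered.translate(LEET)
    if len(candidate) < 15:
        problems.append("shorter than 15 characters")
    for name, pattern in CLASSES.items():
        if not re.search(pattern, candidate):
            problems.append(f"missing {name}")
    if lowered in COMMON_2014:
        problems.append("on the 2014 most-common list")
    else:
        # Substring match, skipping very short words to limit false positives.
        hits = sorted(w for w in set(words) | COMMON_2014
                      if len(w) >= 4 and (w in lowered or w in normalized))
        if hits:
            problems.append("contains common word or password: " + ", ".join(hits))
    if candidate in used_elsewhere:
        problems.append("already used on another account")
    return problems

if __name__ == "__main__":
    for pw in ("password", "P@ssw0rd-Summer-2014!", "vK7#qz!Rw2&Lp9^Tb"):
        print(repr(pw), "->", check_password(pw) or "passes")
```

The second sample meets the length and character-variety suggestions yet still fails, because undoing the substitutions reveals "password" and the word "summer".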