Here are the passwords you should never use again

People are still using the worst passwords imaginable

Another exposé on the most popular and unbelievably insecure passwords people use online has been published, with the woeful words being derived from a leaked Yahoo database (presumably tied to the massive breach which hit the headlines a couple of months back).

Dr Jeff Yan, a senior lecturer in computing at Lancaster University, has compiled a list of the 10 most popular passwords from said database, and they are predictably weak in terms of password strength.

The top two entries in this gallery of password rogues will be very familiar to anyone who has seen these sort of rankings before: at the top was ‘123456’, followed by the classic ‘password’.

That was followed by ‘welcome’ at number three, ‘ninja’ after that, and at number five we have ‘abc123’ (which at least attempts to mix numbers and letters, but in the absolute worst possible manner).

The rest of the top 10 looked as follows: ‘123456789’; ‘12345678’; ‘sunshine’; ‘princess’; ‘qwerty’ (the letter-based equivalent of 123456, from a keyboard perspective).

Same old story 

Most of these were seen in our worst passwords list published at the beginning of the year, which was topped by the same two entries, although numbers three and four were ‘12345678’ and ‘qwerty’ in this case, which fell further down the list in this Yahoo database.

Yan told the Daily Mail: “Why do [some] use such obvious passwords? A main reason I think is that they’re either unaware of or don’t understand the risks of online security.”

Generally speaking, these sort of passwords are used as a matter of convenience and due to the simple fact that they won’t be forgotten. And often they are used across different accounts, again usually because folks think they’re making their life easier.

Until they get hacked due to these terribly insecure passwords, that is – at which point life will become much more difficult.

Of course, good practice is to always use a different password for every single online account – so if an attacker gets hold of one of your passwords, they won’t gain access to more than that single account – and also to use strong passwords (which we discuss here).

If you want an easy and convenient solution, rather than using stupidly-easy-to-guess passwords, adopt a password manager instead – we’ve got some recommendations on that score here.