The worst passwords

It's an old article, but still relevant in 2023: in 2014, the American software company SplashData published a list of the most popular, and therefore most insecure, passwords on the internet at the time. And what about your passwords?

The 25 most commonly used passwords worldwide


  1. 123456
  2. password
  3. 12345
  4. 12345678
  5. qwerty
  6. 123456789
  7. 1234
  8. baseball
  9. dragon
  10. football
  11. 1234567
  12. monkey
  13. letme
  14. abc123
  15. 111111
  16. mustang
  17. access
  18. shadow
  19. master
  20. michael
  21. superman
  22. 696969
  23. 123123
  24. batman
  25. trustno1

Has much changed in the meantime? – probably not.

Data from 3.3 million cracked passwords was evaluated for the analysis.
Source (no longer online):

So it’s mainly number sequences, rows of letters on the keyboard, sports, animals, superheroes and swear words.

The words refer to the English-speaking world. In Germany, however, things will be similar: “qwertz”, “asdfg”, “fußball”…

“Social” passwords

Not included in the list but just as easy to crack are the so-called “social” passwords. With a bit of searching on the web and a look at the Facebook website, these are also very easy to guess: Your own company name, user name, e-mail address, date of birth, wedding date, child’s name…

Multiple use

If you then use the same password in several places, or if the data thief uses the “forgotten password” function that many websites offer to have a password sent to the e-mail account that has just been cracked, even a password in a supposedly unimportant place can cause a lot of mischief.

Why don’t Internet providers help?

Modern Internet providers make it difficult to guess passwords, for example by limiting the number of incorrect entries before you are blocked. But this is not the case everywhere, and a hacker can bypass it relatively easily. Many companies store passwords only in encrypted form, which offers some protection. But do you want to rely on your favorite website, of all places, not being careless with password storage? Because of the way e-mail systems work, e-mail passwords are more difficult to protect against guessing.

Software helps with password management

To ensure that secure passwords remain easy to use and that you can use a different password for each website without getting confused, you can get help from good software, so-called “password managers”.

You then only need to remember a (hopefully good) password for the program itself and the program then automatically fills in all logins on websites with the stored access data. If you don’t want to spend money on it: Simple solutions are built into good browsers, such as Firefox.


The biggest enemy of your own safety is simply your own laziness. 🙂

You should use tools where you need them and where they are convenient. For password managers, it’s best to try out different ones. We use 1Password, but it is in English and costs a (manageable) amount. In addition, of course, there is regular system maintenance: updates and virus checks.

We recommend using strong passwords (longer than 16 characters that do not appear in the dictionary). And do not use passwords more than once.
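The advice in this post, turned into a check that could run when a password is chosen. This is an added example, not code from the original article; the function names, the run list, the decoration characters and the sample profile are assumptions made for illustration.

```python
import re

# The 25 passwords from the list in this post.
COMMON = {
    "123456", "password", "12345", "12345678", "qwerty", "123456789", "1234",
    "baseball", "dragon", "football", "1234567", "monkey", "letme", "abc123",
    "111111", "mustang", "access", "shadow", "master", "michael", "superman",
    "696969", "123123", "batman", "trustno1",
}
# Assumed run list: digit row and keyboard rows, QWERTY and German QWERTZ.
RUNS = ["1234567890", "qwertyuiop", "qwertzuiop", "asdfghjkl", "zxcvbnm", "yxcvbnm"]
MIN_LENGTH = 17                 # "longer than 16 characters"
DECORATION = "0123456789!?.*#"  # assumed padding typically put around a common word

# Constructed sample profile: the kind of data that is easy to find on the web.
PROFILE = {"name": "Anna Muster", "email": "anna.muster@example.org",
           "company": "Muster GmbH", "wedding": "2012-06-09"}


def personal_tokens(profile):
    """Split profile values into lowercase tokens of at least 4 characters."""
    tokens = set()
    for value in profile.values():
        parts = re.split(r"[^0-9a-zäöüß]+", value.lower())
        tokens.update(p for p in parts if len(p) >= 4)
    return tokens


def check_password(candidate, profile, already_used=()):
    """Return the reasons to reject `candidate`; an empty list means it passes."""
    low = candidate.lower()
    core = low.strip(DECORATION)   # "Dragon2023!" -> "dragon"
    reasons = []
    if len(candidate) < MIN_LENGTH:
        reasons.append("too short")
    if low in COMMON or core in COMMON:
        reasons.append("common password")
    if len(low) >= 4 and any(low in r or low[::-1] in r for r in RUNS):
        reasons.append("keyboard or number run")
    if any(tok in low for tok in personal_tokens(profile)):
        reasons.append("contains personal data")
    if candidate in already_used:
        reasons.append("reused")
    return reasons
```

The `already_used` argument is meant for a user's own list of passwords, for example the entries of a password manager; a website that stores passwords properly cannot compare them this way.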

See also our blog post Secure passwords.

Update 2023: Link to former source removed as no longer valid.
