The List of 100 Worst Passwords of 2019

the list of 100 most common passwords of 2019

A lot of users out there still have not grasped the importance of practicing strong passwords. The number one on the list of the most used passwords of 2019 is still unchanged, which is the predictable series of numbers, “123456”, and the second one, “password,” remains unchanged too.

There are also new players in the top 20 of most common passwords, including “111111,” “sunshine,” and “princess,” among others, while others such as “admin,” “iloveyou,” and “abc123” remain on the same spot on the list of most popular passwords.

Sadly, there are Internet users who are still using these passwords, even when security experts have been warning them against these weak passwords for years.

The 100 Most Common Passwords

Here is a table showing the complete list of Splashdata’s version of 100 most popular passwords of 2019, and hopefully your passwords aren’t on it:


#1  123456

#21 charlie

#41  summer

#61  sophie

#81  merlin

#2  password

#22 aa123456

#42  George

#62  Ferrari

#82  cookie

#3 123456789

#23 donald

#43  Harley

#63  Cheese

#83  ashley

#4 12345678

#24 password1

#44  222222

#64  Computer

#84  bandit

#5 12345

#25 qwerty123

#45  Jessica

#65  jesus

#85  killer

#6 111111

#26 letmein

#46  ginger

#66  Corvette

#86  aaaaaa

#7 1234567

#27 zxcvbnm

#47  abcdef

#67  Mercedes

#87  1q2w3e

#8 sunshine

#28 login

#48  Jordan

#68  flower

#88  zaq1zaq1

#9 qwerty

#29 starwars

#49  55555

#69  Blahblah

#89  mustang

#10 iloveyou

#30 121212

#50  Tigger

#70  Maverick

#90  test

#11 princess

#31  bailey

#51 Joshua

#71  Hello

#91  hockey

#12 admin

#32 freedom

#52  Pepper

#72  loveme

#92  dallas

#13 welcome

#33  shadow

#53  Robert

#73  nicole

#93  whatever

#14 666666

#34 passw0rd

#54  Matthew


#74  hunter

#94  admin123

#15 abc123

#35  master

#55  12341234

#75  amanda

#95  michael

#16 football

#36  baseball

#56 Andrew


#76  jennifer

#96  liverpool

#17 123123

#37  buster

#57 lakers

#77  banana

#97  querty

#18 monkey

#38  Daniel

#58  andrea

#78  chelsea

#98  william

#19 654321

#39  Hannah

#59 1qaz2wsx

#79  ranger

#99  soccer

#20 !@#$%^&*

#40  Thomas

#60 starwars

#80  trustno1

#100 london

How to Avoid Getting Your Passwords into the Most Used Passwords List

Even if your password isn’t on the list of the worst passwords of 2019, it doesn’t mean that you are safe from cybercrimes. Below are tips on how to strengthen your passwords, to make it difficult, if not impossible, for cybercriminals to tap into your accounts.

  • Meet security conditions. Make sure that your passwords are 10 to 15 characters long, and are combinations of unique characters, upper and lower case letters, and numbers. Even when a website’s password requirement isn’t stringent, make it a habit to meet these security conditions.
  • Use different passwords for different accounts. You have social media accounts, work email address, personal email address, online banking accounts, and e-commerce accounts. If you use the same password for all of these accounts, a cybercriminal will only need to get a hold of one account to be able to get into every only consideration that you own. And this is regardless of the strength of your password. Even if you use a very long and complicated password, it won’t do any good when you use it for all of your online accounts.
  • Change your password. The subject on how often passwords need to be changed has been up for debate, with some experts saying that changing your passwords often will pose security risks. The security policy of most companies is to prompt their employees to change passwords every 30, 60, or 90 days, but it looks like this policy is outdated. The general rule of thumb is to change passwords every 30 days for accounts that don’t have two-factor authentication, an extra layer of security that ensures only the right person can log in to a statement even when another person gets hold of the password.
  • Don’t reuse old passwords. The reason why changing your password regularly has become a controversial security measure is because people tend to reuse their old passwords. Some people also use the same patterns, which makes it easy for hackers to guess. 
  • Don’t use personally identifiable information. The first things that hackers will try are passwords that contain your name and date of birth. They don’t need sophisticated systems for this, as this information can be found easily on social media, medical records, and school documents. So make sure that your passwords do not contain any of these personal data, including the name and date of birth of your spouse, children, parents, or siblings.

There are more actions you can take to make your passwords stronger and more secure, but these are the most basic ones. Make sure that your passwords are long and complicated, don’t use the same password for all of your accounts, change your password regularly, don’t use passwords you’ve used before, and avoid using your name, date of birth, and other personal information as your password.

When Strong Passwords Aren’t Enough

As technology and the Internet becomes more and more sophisticated, hackers and other cybercriminals have also employed more advanced systems and software that enable them to get into people’s online accounts maliciously but subtly. In one way or another, they can get a hold of your password even when you’ve done everything to strengthen them. 

Also Read :
11 Password Security Faux Pas You’re Probably Making

There are some solutions you can use to make sure that the above won’t happen. These are great compliments to your secure passwords, to make sure that your accounts are safe and secure.

Enable two-factor authentication (2FA)

2FA is a kind of multi-factor authentication which is an extra layer of security that most websites have in place. Aside from the password, you need to input a different code which users get through SMS. Two sources of authentication ensure that only one user can log in to the account, even when somebody else knows the password. 

Also Read :
Tips on how to create a secure password

The mechanism allows access only when two factors did their part. The password works well, and the user has the device to which the code was sent. When these factors are satisfied, the user is validated and provided access to the account.

Adopt a Password Manager for Strong & Unique Passwords

Remember the tip above where you need to use a unique password for each of your accounts? It’s a handy and practical step in strengthening your security, but most people don’t do it because it is a tedious job. You would have to remember every password, so if you have ten online accounts, you would have to memorize ten different passwords. And you can’t use names or birthdays either, so it will be tough to remember everything.

Password managers can help you with this dilemma. You can store your passwords on them which are encrypted, of course. There are even password managers that help you come up with random passwords. Like VPNs, there are free and paid password managers, but the most popular ones are SplashData, 1Password, and LastPass.

Connect through a VPN to Protect from Eavesdropping & Snooping

When you use a VPN, all of your network traffic will pass through an encrypted tunnel, making it difficult for anyone monitoring in to see your data. A VPN dramatically increases your security while doing online activities, whether you’re transmitting data, checking your emails, or doing financial transactions.

However, not all VPNs are created equal. There is a vast difference between private and public VPNs, the same way that the quality of VPN services also differ depending on the provider. The best VPN provider not only use the latest encryption standards such as AES 256-bit and IKEv2, but they also have premium features that make their service stand out. Listed below are some of the features you should look for in a VPN provider:

  • Affordable but not free. Free VPNs Do not solve security issues, but instead, they pose security risks. Most of these Free VPNs earn money by logging your personal information and selling the data to data brokers and advertisers. In effect, the VPN is not their product. Their product is you and your data. Therefore, opt for a paid VPN service provider which will give you the digital security that you need.
  • Zero-logs VPN. There are VPN providers who don’t disclose the information that they log, and this should be a cause for concern. For all you know, they could be registering personally identifiable data and earning money off your data. Look for a VPN provider whose fine print tells you that they don’t log any personal data.
  • Fast and reliable. You may have heard again and again that using a VPN can significantly slow down your network connection. While this is true to some extent, there are VPN providers that will not affect your speed so much. There are even providers that allow you to bypass bandwidth limitations set by your Internet Service Provider or ISP. 
  • Reliability is also crucial since you won’t be able to do anything significant online if the VPN client keeps crashing or the VPN servers keep on disconnecting. A VPN provider that has 95% and above uptime is quite good already.

A VPN can keep you secure, even more so than a strong password. Still, VPN users must strengthen their passwords as prevention is always better than cure.

Enhance Your Password Security

Password security is everyone’s concern, and although online companies and the government should push for a more secure digital world, users have to take their own initiative. If we rely on others for our digital security, we could wake up one day with our identities stolen or our data compromised.

Also Read :
5 Tips To Make Your Password Strong And Manage Them Securely

With all the news about identity theft, data phishing, hacking, data for ransom, and other criminal activities that are increasingly being committed in cyberspace, digital security has become a major concern for several people these days. For most of the regular Internet users, cybersecurity starts by having a strong and secure password. 

Strengthening your password is the most basic step to a more secure online connection, so you have to avoid using any of those listed on the worst passwords of 2019. You may also use a password manager to ensure the uniqueness of your passwords in all of your online accounts.

Protect Your Passwords from Breaching, Snooping and Brute-forcing

Aside from this, a holistic approach to online security and privacy is the use of a VPN and a password manager. VPNs not only protects your passwords from snooping, but they also preserve all of your network traffic by making it unreadable to hackers and spies. And password managers give you strong, unique passwords for every website you interact with so that your accounts can’t be breached or brute-forced.

A Complete gamer and a Tech Geek. Brings out all her thoughts and Love in Writing Techie blogs.