Consumer Comeback Blog

Protect You Identity By Avoiding the Top 25 Passwords

Practically every website requires a username and password, so you would think that by 2012, consumers would have gotten the hang of coming up with a password. Not so much.

October is National Cyber Security Awareness month, and SplashData released the 25 most popular passwords that are easy for scammers to hack. With winners like “password” and “123456” topping the list, consumers continue to disregard well-known advice on creating strong passwords.

In addition to employing a little creativity with your password, you can also protect themselves from identity theft by monitoring their credit report. When someone fraudulently opens a line of credit in your name, it appears on your credit report and can affect your credit score.

In light of recent data breaches at sites such as Yahoo!, LinkedIn, eHarmony, and, consumers should be particularly careful about choosing a password.

The most popular passwords in 2012 include:

  • 1 password Unchanged
  • 2 123456 Unchanged
  • 3 12345678 Unchanged
  • 4 abc123 Up 1
  • 5 qwerty Down 1
  • 6 monkey Unchanged
  • 7 letmein Up 1
  • 8 dragon Up 2
  • 9 111111 Up 3
  • 10 baseball Up 1
  • 11 iloveyou Up 2
  • 12 trustno1 Down 3
  • 13 1234567 Down 6
  • 14 sunshine Up 1
  • 15 master Down 1
  • 16 123123 Up 4
  • 17 welcome New
  • 18 shadow Up 1
  • 19 ashley Down 3
  • 20 football Up 5
  • 21 jesus New
  • 22 michael Up 2
  • 23 ninja New
  • 24 mustang New
  • 25 password1 New

So, now that we know which passwords NOT to use, the University of Virginia Information Technology Services offers the following guidelines for choosing a strong password:

Don’t Use

  • Your first or last name in any form
  • Your spouse’s or child’s or pet’s name
  • Other information easily obtained about you (this includes license plate numbers, telephone numbers, Social Security numbers, your vehicle brand, your street, etc.)
  • A password of all numbers, or all the same letter
  • A word contained in English, foreign language, or specialty dictionaries
  • A password shorter than 8 characters

Do use:

  • Mixed-case alphabetics (both lower- and upper-case letters)
  • Nonalphabetic characters, e.g., numbers/digits and/or punctuation (the strongest passwords have both)
  • 8 characters (or more, if allowed, but there are exceptions)
  • A password that is easy to remember, so you don’t have to write it down
  • a password that you can type quickly, without having to look at the keyboard (this makes it harder for someone to steal your password by watching over your shoulder)
  • Comments