Watch CBS News

The year's worst computer passwords: "Donald" joins the list

Chinese hackers reportedly linked to Marriott data breach
Chinese hackers reportedly linked to Marriott data breach 00:38

One of the basics of computer security is to pick passwords that are tough for hackers to break, yet computer users continue to rely on easily guessed terms like "123456." One notable entrant joins this year's list of the worst offenders: "Donald."

The analysis of 5 million leaked passwords on the Internet from SplashData finds that computer users are still relying on unimaginative passwords that could allow a hacker to gain entry to their accounts. The most frequently used passwords that carry big security risks are "123456" and "password," which hold the No. 1 and No. 2 spots, respectively. 

What might be most disturbing is that these two "bad" passwords have retained the top spots for a fifth consecutive year in SplashData's annual analysis. That demonstrates many consumers aren't heeding warnings from security experts about beefing up their personal security, even as hacks become more widespread, such as last month's massive Marriott reservation system breach

New on the list this year was "Donald," most likely a tribute to President Donald Trump. Consumers often borrow from famous people for their passwords, opening them up to fraud since hackers are well aware of this human foible. 

"Sorry, Mr. President, but this is not fake news – using your name or any common name as a password is a dangerous decision," said Morgan Slain, CEO of SplashData, in a statement. "Hackers have great success using celebrity names, terms from pop culture and sports, and simple keyboard patterns to break into accounts online because they know so many people are using those easy-to-remember combinations."

The company said it releases its analysis of the "worst" passwords to spur consumers to change their passwords and beef up their security. 

"It's a real head-scratcher that with all the risks known, and with so many highly publicized hacks such as Marriott and the National Republican Congressional Committee, that people continue putting themselves at such risk year-after-year," Slain said. 

The worst 25 passwords 

Including their change in rank from the previous year:

  1. 123456 -- Unchanged
  2. password -- Unchanged
  3. 123456789 -- Up 3
  4. 12345678 -- Down 1
  5. 12345 -- Unchanged
  6. 111111 -- New
  7. 1234567  -- Up 1
  8. sunshine -- New
  9. qwerty -- Down 5
  10. iloveyou -- Unchanged
  11. princess -- New
  12. admin -- Down 1
  13. welcome -- Down 1
  14. 666666 -- New
  15. abc123 -- Unchanged
  16. football -- Down 7
  17. 123123 -- Unchanged
  18. monkey -- Down 5
  19. 654321 -- New
  20. !@#$%^&* -- New
  21. charlie -- New
  22. aa123456 -- New
  23. donald -- New
  24. password1 -- New
  25. qwerty123 -- New
View CBS News In
CBS News App Open
Chrome Safari Continue
Be the first to know
Get browser notifications for breaking news, live events, and exclusive reporting.