The 25 worst passwords of all time (yes, "123456" is still there)

2025-06-23
-
Author:
DSwiss

We get it. You're busy, tired and just want to log in quickly - without fuss. But if your password is something like 123456, congratulations: you're at the top of every hacker's wish list.

And if you think you're safe because you've added an exclamation mark (password!) - then unfortunately we have some bad news for you.

In this article, we show you the worst passwords that are still used today, why they are a disaster with an announcement - and how you (and your company) can do better - with hardly any more effort.

The worst candidates: 2024 edition

Every year, IT security companies such as NordPass, Hive Systems and SplashData publish lists of the most frequently leaked, guessed and - frankly - most embarrassing passwords.

Here are the eternal frontrunners of bad decisions:

Bad passwords
Rank password Why it's terrible
1123456Still #1, still bad. Everywhere.
2passwordSo obvious that it's satire.
3adminPopular with small companies... ouch.
4123456789More numbers = more security? Unfortunately not.
5qwertyKeyboard pattern ≠ Security.
6111111The chances of that being safe? Zero.
7letmeSounds like a request. It works like one.
8iloveyouSweet. Sentimental. Easy to crack.
9abc123Safety level: preschool. Literally.
10password1A classic attempt to "outwit" the rules.

Honorable mentions: dragon, football, monkey, starwars.

(No kidding: someone is backing up their work email with starwars123.)

Why are these passwords so common?

Because people are predictable.
If we are forced to create dozens of passwords, then:

  • Let's use simple patterns (e.g. qwerty or asdfgh)
  • Let's use the same password on several pages
  • Attach a number to fulfill "complexity rules" (Password1!, anyone?)

Cyber criminals know this. That's why they rely on dictionary attacks and test masses of known weak passwords from leaks such as RockYou2021 - a collection of 8.4 billion passwords: RockYou2021: Largest Ever Password Compilation Leaked | Cybernews

How long does it take to crack them?

Here's where it gets interesting (and worrying). According to the Hive Systems 2024 password table:

Password security analysis
Password example Time to crack Why?
123456<1 SekundeJust numbers, no complexity.
qwerty<1 SekundeKeyboard pattern.
Password1!1 secondPredictable structure.
Iluvu2024!~2 minutesStill too easy.

Hackers hardly ever try it manually anymore. They simply run bots through breach lists - and wait until a door opens.

"But mine is different..."

Really?

A little mind game: Have you ever used...

  • The name of your pet (bella, max)
  • Your date of birth (julia1985)
  • Your favorite band or football team (beatles!, milan2023)

...then you are at risk.

These combinations appear again and again in leak lists.

Even the appearance of uniqueness is no longer enough. S3cur3P@ssword is not safe when millions have had the same idea.

What makes a good password?

A good password is:

  • Long (at least 12-16 characters)
  • Random (no real words, no patterns)
  • Unique (not used anywhere else)

Example?
Something like: T$7p^z1L!xuKe39@
No hacker will get through that in your lifetime.

And no, you don't have to remember it. There are password managers for that (tip: we know a good one).

The clever solution: Let the password manager take over

If you're trying to store your passwords in your head - you're doing it wrong.

Modern password managers such as SecureSafe Pass:

  • Automatically create strong, unique passwords
  • Automatically fill in login data in browsers and apps
  • Synchronize securely across all devices

Bonus: You only have to remember a single master password. That's it.

No more sticky notes. No more Excel files called my_passwords_final2.xlsx.

Time for a digital spring clean?

Here is your challenge:

  1. Visit Have I Been Pwned
  2. Enter your e-mail address
  3. Try not to panic

And then:

  • Delete inactive accounts
  • Change passwords of leaked or shared accounts
  • Switch to a password manager

They will thank you for the next big leak.

Conclusion

Passwords should be no laughing matter - but unfortunately the worst ones are.

If your password appears on this list: It's time for an update. Become secure. Use a password manager.

Try SecureSafe Pass - and let us create unbreakable passwords for you. So that you are guaranteed not to end up on the "Worst Passwords" list next year.