25 Passwords that Hackers Expect You to Use

 In All Posts, Security

When it comes to securing online accounts the first line of defense is your password. When choosing a password there are many best practices that you should follow. The main purpose of this post is to inform you of the 25 most frequently used passwords. When we first begin working with clients it is not uncommon for them to be using one of the passwords on this list. If you use any of the passwords on this list we highly recommend changing them something more secure.

After you are done looking over this list we recommend that you continue reading to learn some of the best methods for choosing and protecting your passwords.

The following data was compiled by the gurus over at Splash Data.

1.) 123456
2.) password
3.) 12345
5.) qwerty
6.) 123456789
7.) 1234
8.) baseball
9.) dragon
10.) football
11.) 1234567
12.) monkey
13.) letmein
14.) abc123
15.) 111111
16.) mustang
17.) access
18.) shadow
19.) master
20.) michael
21.) superman
22.) 696969
23.) 123123
24.) batman
25.) trustno1

After looking over this list what did you find? Are you currently using any of these passwords? If so, you shouldn’t feel bad but you should immediate change them to something more secure. Here are some tips for creating a password that is much more secure than those listed above.

High Complexity Passwords

Depending on where you look, the definition of a “High Complexity Password” varies but we have found that different organizations base their definition of the same basic factors. These factors often include length of the password and a combination of letters, numbers, symbols and capitalization.

We recommend using a minimum of 8 characters. We also recommend that you use at least 3 of the following 4 characters. An uppercase letter, a lowercase letter, a number and a symbol. This makes it much harder for a threat agent to crack your password.


People often use passwords that have some significant meaning in their lives. This makes the password easier to remember but also easier for a threat agent to guess. People will often use birthdates, the names of their children or spouse, they may use the name of a beloved pet or even their street address. While this may make it much easier for people to remember, a little bit of snooping through your social media accounts can give threat agents the information they need to guess your password. That’s where using pass phrases can come in handy.

A passphrase isn’t a word but it also isn’t a series of random characters that are hard for people to remember. It is easy for people to believe that creating an insanely long and random password is the most secure, that thought is inaccurate. The reason for this is because people will often write these passwords down and when they write them down a threat agent may get a glimpse of the password.

When coming up with a passphrase think of something that has meaning to you. This may be something like a verse from the Bible. Let’s take Romans 3:23 for example.

For all have sinned and fall short of the glory of God

You could alter this a bit and use it as a passphrase. A passphrase would look something like this:


As you can see I used the first letter of each word and added the verse number at the end. This is easy to remember and is also complex.

We hope this information was useful to keeping your accounts safe and more secure. Thank you for reading!

Recent Posts

Leave a Comment