Data Security: 2013’s Worst Password Is 123456.

What is the worst password?  According to, the top worst password is 123456.  The site goes on to note that it finally “dethroned” perennial worst password winner password.  Familiar entries, for those who follow this kind of stuff, comprise the rest of the “worst passwords” in their top 25 list.  A hint: if you’re using data encryption software, please refrain from using any of these as your password.

It’d be like getting all the latest security technology for your home, only to leave the master key under the welcome mat.

Adobe Breach Affects Results

The biggest breach in 2013 was the Adobe breach.  Like a tidal wave rushing the shore and decimating everything that comes before it, the breach affected the worst password results.  Here’s that list: 

  1. 123456
  2. password
  3. 12345678
  4. qwerty
  5. abc123
  6. 123456789
  7. 111111
  8. 1234567
  9. iloveyou
  10. adobe123
  11. 123123
  12. admin
  13. 1234567890
  14. letmein
  15. photoshop
  16. 1234
  17. monkey
  18. shadow
  19. sunshine
  20. 12345
  21. password1
  22. princess
  23. azerty
  24. trustno1
  25. 000000

As you can see, references to Adobe and its software offerings are peppered throughout the list.  (This is not unexpected.  When RockYou had its data breach, rockyou was one of the top ten passwords).

Perennial favorites like iloveyou (#9), password1 (#21), and trustno1 (#24) also were present.

Also notice the presence of azerty (#23), which is a weird entry for people accustomed to a US keyboard layout, but not so much for European residents (azerty is the qwerty of European keyboards).

As Easy as 1, 2, 3

Then there are the numbers: 123456 (#1), 123456789 (#6), 1234567890 (#13), 1234 (#16), and 12345 (#20).  Also, 000000 (#25), but I exclude it because it breaks the 1234 pattern.  Why do I bring this up?

I’d say that these passwords are actually one and the same, and reflect something else: the minimum password limits that different websites place on their users.  A string of consecutive numbers is the easiest password you can get, after all.  Password length requirement is 6 characters?  123456 is your password.  At least 8 characters are required?  12345678 is your password.  And so on.

We have to assume that the Adobe hack must weigh heavily on the results, but it looks like most passwords are required to be at least six characters in length (#1, #6, and #13 in my sample.  The list of 25 shows the top 15 to be at least 6 characters in length with the exception of #12, admin).

Kind of makes one wonder who’s allowing passwords that are shorter than 6 characters in this day and age.  It was only in 2010 that researchers showed 12-character passwords to be the minimum when it comes to acceptable security.  Four years later, you can bet that passwords need to be much longer now.
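The point above, that a minimum length by itself just produces a longer run of 1234..., can be shown with a small signup-time check.  This is an added example, not code from the original article or from any site mentioned in it; the function names, the `site_terms` parameter and the 8-character default are assumptions made for illustration.

```python
# Added example (constructed): why a length-only rule is not enough.
# The list is the top 25 quoted in the article above.
WORST_2013 = frozenset("""
123456 password 12345678 qwerty abc123 123456789 111111 1234567 iloveyou
adobe123 123123 admin 1234567890 letmein photoshop 1234 monkey shadow
sunshine 12345 password1 princess azerty trustno1 000000
""".split())

# Digit row plus the top letter rows of the QWERTY and AZERTY layouts.
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "azertyuiop")


def length_only_accepted(min_length):
    """Count how many of the 25 worst passwords pass a length-only rule."""
    return sum(len(p) >= min_length for p in WORST_2013)


def is_keyboard_run(pw):
    """True if pw is a slice of a keyboard row, typed forward or backward."""
    p = pw.lower()
    return len(p) >= 3 and any(p in row or p in row[::-1] for row in KEYBOARD_ROWS)


def is_repeated_unit(pw):
    """True if pw is one short unit repeated, e.g. 111111 or 123123."""
    n = len(pw)
    return any(n % k == 0 and pw == pw[:k] * (n // k) for k in range(1, n // 2 + 1))


def check_password(pw, min_length=8, site_terms=()):
    """Return the reasons to reject pw; an empty list means it is accepted."""
    low = pw.lower()
    reasons = []
    if len(pw) < min_length:
        reasons.append("too short")
    if low in WORST_2013:
        reasons.append("on worst-password list")
    if is_keyboard_run(pw):
        reasons.append("keyboard run")
    if is_repeated_unit(pw):
        reasons.append("repeated unit")
    # Site and product names (adobe123, photoshop, rockyou) are the first guesses.
    if any(term.lower() in low for term in site_terms):
        reasons.append("contains site name")
    return reasons
```

With a 6-character minimum and nothing else, 22 of the 25 listed passwords are still accepted; the extra checks are what actually reject them.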
