7 Password Mistakes That Will Likely Get You Hacked

Joel Lee 04-02-2016

You’ve heard it all before and you’re probably sick of it. Password safety 13 Ways to Make Up Passwords That Are Secure and Memorable Want to know how to make up a secure password? These creative password ideas will help you create strong, memorable passwords. Read More is an oft-drilled topic that easily enters one ear and oozes out the other, but we can’t emphasize this enough: settling for a weak password is like leaving all of your doors unlocked.


Just because you’ve never been robbed before doesn’t mean it’s safe to leave your doors unlocked, does it? It only takes one unforeseen incident to lose everything 3 Online Fraud Prevention Tips You Need To Know In 2014 Read More — and the same holds true for your email accounts, bank accounts, and whatever other accounts you hold dear.

Maybe one day we’ll move beyond usernames and passwords Why Usernames & Passwords Are A Thing Of The Past, And How To Cope With This With every other hacked database and credit card scandal that occurs, it becomes more evident that we can't rely on passwords for much longer. But if not passwords, what else is there? Read More , but for now, it’s absolutely critical to strengthen your weak passwords. It takes very little effort, and trust me, you don’t want to be the one who loses everything but could’ve prevented it with a few simple tweaks.

The Worst Passwords of Last Year

It isn’t easy to determine the “worst passwords” being used because passwords are (hopefully) kept secret and hidden. However, a company called SplashData tallied up over 2 million leaked passwords, evaluated them, and compiled them into a ranking. Here’s what they found:

  1. 123456
  2. password
  3. 12345678
  4. qwerty
  5. 12345
  6. 123456789
  7. football
  8. 1234
  9. 1234567
  10. baseball
  11. welcome
  12. 1234567890
  13. abc123
  14. 111111
  15. 1qaz2wsx
  16. dragon
  17. master
  18. monkey
  19. letmein
  20. login
  21. princess
  22. qwertyuiop
  23. solo
  24. passw0rd
  25. starwars

As you can see, these really are the worst of the worst. At this point, anyone who’s using one of the above (or anything close to one of the above) might as well not have a password at all. You wouldn’t believe how quickly a hacker could crack a password that simple!

Also, let’s be abundantly clear: If you think you’re safe because your password isn’t on that list, then you’re absolutely WRONG. These passwords are bad because they all share characteristics of easily-hacked passwords, and it’s possible that your own password does too.


So let’s take a look at why these are so terrible and what you can do to make sure your accounts are truly safe and sound.


1. The Obvious Password

Seven of the worst offenders in that list are all variations on the same basic password: consecutive numbers. We see 1234, 12345, 123456, 1234567, 12345678, 123456789, and 1234567890. I’m positive we also would’ve seen 1, 12, and 123 in the list if most websites didn’t enforce a four-character minimum.

It’s clear that people are using this password (and its variations) because it’s super easy to type. Just run your fingers from left to right across the numbers! That’s why qwerty and qwertyuiop are on the list as well.


But passwords aren’t meant to be easy! A lot of people forget this for some reason. Using an obvious password — one that took you no time to devise — is just asking for someone to guess it. You might as well be using a lock that can be opened by any key.

2. The Default Password

It’s astounding that password is as widely used as it is. To be fair, a lot of devices come with that as the default password, but they also come with the expectation that the end user will at some point change that password to something more secure How to Find and Change Your Wi-Fi Password on Windows 10 Need to find or change your Wi-Fi password? Here's how to change and locate your Wi-Fi password on a Windows computer. Read More .

Unsurprisingly, it seems that a lot of folks are lazy and either refuse or forget to make that change. So, for example, even if your wireless network is properly set up 10 Crucial Features to Use in Your Wireless Router Setup at Home Most wireless routers are equipped with a handful of amazing features that you probably aren't taking advantage of. Here are some of the more useful ones to start exploring right now. Read More , it would take zero effort to break in if you’re still using the default password.

Here’s the takeaway: whenever you get a new device or account and you’re given a default username and password — such as admin/admin or admin/password — do yourself a favor and change it immediately. Don’t delay.



3. The Short Password

One of the most important aspects of an unbreakable password 6 Tips For Creating An Unbreakable Password That You Can Remember If your passwords are not unique and unbreakable, you might as well open the front door and invite the robbers in for lunch. Read More is absolute length. Every additional character — whether it’s a letter, number, or symbol — expands the possibility space and makes your password exponentially harder to crack.

So in a sense, nothing is worse than a short password, and this is made evident when you look at the list of terrible passwords. (Only three of them have more than eight characters, and even eight characters is too short for real protection these days.) 1234 and solo are especially bad.

Make your passwords longer! Yes, even longer than what you’ve got. Wondering whether your password is long enough? It probably isn’t. Tack on a few more characters at the end. A lot of hackers rely on brute force, and this is a super-effective way to deter them.


4. The “No Numbers or Symbols” Password

All things considered, a longer password of only letters is usually better than a shorter password with letters, numbers, and symbols — but a longer password that incorporates letters, numbers, and symbols is certainly the strongest of the three.

The reason for this is that you want to maximize the number of possible choices for each character in your password. If you only use letters, that’s 26 possible choices per character. If you use letters, numbers, and symbols, that’s at least 46 possible choices per character — and that difference has an exponential impact.

So aywiresufzklthfrs is an okay password, ayw4r2s8f8kl43f2s is even better, and a!w4_2s8#8kl43f2% is the best. As you can see, none of the items in the worst passwords list have any symbols in them. Coincidence? Not at all.


5. The “L33T SP34K” Password

If you’re going to use numbers and symbols in your password, there is one caveat that you need to know about: if your password contains complete words, never make simple letter-to-number or letter-to-symbol substitutions for individual characters.

For example, if your password is cableCABLE, don’t replace the a with @, the l with 1, the A with 4, and the E with 3. You might think the resulting password — c@b1eC4BL3 — is a lot stronger than the original, but there’s a good chance it isn’t. (No, passw0rd is not any better than password.)

Password hackers know that people like doing this, so if one tries to break into your accounts, they’re going to try all of these substitutions anyway. Similarly, if your name is DANIEL and you set your password as D4N13L, it’s still pretty easy to guess.

6. The “Personal Info” Password

While we’re on the subject of using your name in your password, there’s only one thing to say: DON’T! In fact, whenever you’re trying to come up with a new password, never include any personal details. A good password should have no relation to you whatsoever.

For example, it’s clear that a lot of people like football and baseball, both of which appear on the list. If you’re a big fan of either sport, it would be trivial to guess.

Of the many ways that a hacker can break your password The 7 Most Common Tactics Used To Hack Passwords When you hear "security breach," what springs to mind? A malevolent hacker? Some basement-dwelling kid? The reality is, all that is needed is a password, and hackers have 7 ways to get yours. Read More , social engineering is one of the most effective. Nowadays, personal details are available all over the Web (especially on social networking profiles), and that kind of access makes it easier to guess weak passwords.

Instead, you may want to use one of these strong password generators How to Generate Strong Passwords That Match Your Personality Without a strong password you could quickly find yourself on the receiving end of a cyber-crime. One way to create a memorable password could be to match it to your personality. Read More that can create passwords based on your personality and interests.


7. The Pattern Password

I’ll be the first to admit that I memorize all of my passwords through muscle memory, so whenever I need to come up with a new password for a new account, it’s always tempting for me to rely on some kind of pattern in the keyboard keys.

There’s nothing wrong with that if you do it properly. After all, muscle memory is a great way to memorize long, unwieldy passwords that are otherwise nonsensical. However, never resort to an overly simplistic pattern, like 1qaz2wsx, qwerty, or qwertyuiop.

This advice is definitely more important in situations that require a four-digit PIN — such as for ATMs or smartphone lock screens — since PINs have a much smaller possibility space than full passwords. Still, try to make sure your pattern passwords aren’t too obvious.

Good Passwords Aren’t Hard to Make

As important as it is to eliminate weak passwords, it’s also crucial that you enable two-step verification What Is Two-Factor Authentication, And Why You Should Use It Two-factor authentication (2FA) is a security method that requires two different ways of proving your identity. It is commonly used in everyday life. For example paying with a credit card not only requires the card,... Read More on every account that supports it. Most bank accounts, email accounts, and online shopping accounts these days support two-step verification Can Two-Step Verification Be Less Irritating? Four Secret Hacks Guaranteed to Improve Security Do you want bullet-proof account security? I highly suggest enabling what's called "two-factor" authentication. Read More .

Furthermore, you should have a unique password for every single account you have. It sounds like that would be impossible to manage, but it’s effortless if you start using a password manager Password Management Guide Don't feel overwhelmed by passwords, or simply use the same one on every site just so you'll remember them: design your own password management strategy. Read More (which you really should if you aren’t already).

Lastly, strong passwords are only one piece of the online security puzzle. Be sure to build good security habits Change Your Bad Habits & Your Data Will Be More Secure Read More if you really want peace of mind in this chaotic online world.

What’s the worst password you’ve ever used? How diligent are you about using strong passwords? Do you use a password manager? Share your experiences with us in the comments below!

Image Credits: Password on Post-It by shutteratakan via Shutterstock, Short Password by Naghiyev via Shutterstock, Hacker Password by triocean via Shutterstock, Phone Passcode by ymgerman via Shutterstock

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. techsanjeet
    August 30, 2019 at 12:48 pm

    I Use Weak Passwords For Services I Do Not Care About, But I Can Fairly And Easily Create, And Remember, Individual Passwords For All Others.

    Using Password Managers? - Not Me.

    Why Would I Give All My House Keys To A Third Party Service Or Software?

    What Could Possibly Go Wrong?
    1000+ Funny WiFi Names for Router Network SSID [2019 Latest=

  2. Michael
    November 24, 2016 at 12:19 pm

    Anonymous is the best hacker around just give it a shot for your credit cards top ups , bank deposits , block chain and Bitcoin hacks, A remote mobile phone hack and tracking, advance spying spyware and remote installation, location of missing persons and tracking a scammer.

    Contact. Darkwebguru at gmail dot com

  3. Koopa
    June 11, 2016 at 12:31 am

    My password has a capital, some letters, some numbers and a symbol, but I also use it for every account. I use it for ROBLOX, for Social Media, for Pretty much everything. And whenever I change it (which I only do on my Apple ID password) I only change the numbers

    • Joel Lee
      June 14, 2016 at 12:46 pm

      Nice! Your password seems adequately complex. I would advise against using the same password for all services (if one gets hacked, the rest could get hacked too) but I know that can be a big pain in the neck to manage. :P Thanks for sharing, Koopa.

      • John
        January 30, 2017 at 4:05 pm

        Hey Koopa,
        For years I did the same thing. I finally got smart(er) and diversified my passwords a little more. Joel is right though: the risk is that if one of your password accounts get hacked, they all do (or can be hacked by the same bad guy).
        One idea that Joel didn't hit on, though -- was the idea of using a "pass phrase". I used to do this a lot -- when I had to choose a new password for work, I'd basically pick a song I liked that I heard on the radio and use a line from it with a few capital letters (every other word, for example) plus a special character and at least one number and that would be my new password. It worked great _until_ we got a new copier at the office and if you wanted to scan anything and send it to anyone (including yourself), you had to authenticate. Typing 25 characters with spaces, mixed case, special characters and numbers on a copier "keypad" was just too prone to errors, so I simplified back to smaller passwords.
        Good luck!

  4. crupA#8Ra_Es
    February 12, 2016 at 12:23 am

    I use Norton Identity Identity Safe. It is synced between all of my devices. I use a sixteen character password to access the identity safe and then a minimum of eight and max of 12 characters for my passwords. My biggest complaint is that there should be an international standard for passwords. Some sites do not allow numbers as the first character, some do not allow special characters as first character and some do no allow double characters.

  5. Pranay
    February 7, 2016 at 2:04 am

    I am using Enpass Password Manager ! Its best

  6. Glenn Herrick
    February 5, 2016 at 9:57 pm

    I would like to understand pass-word generators, and how to "remember" what they provide and I would use. As I understand it, generators can make as many nearly uncrackable passwords as anyone could need, but I would need some method to provide them to me when I need each one. If the data base is stored on someone's server, then that server can be cracked. If the db is on one of my devices, then it is crackable once someone breaks in, If I need it also on another device and cannot keep the db in the cloud... That seems a reasonable request for someone to address in a MakeUseOf article, or even better on some popular publication like NYT. Please.

    • Anonymous
      February 11, 2016 at 1:47 pm

      Memorize a strong, uncrackable password for your password generator/storage, and (unless your computer is compromised), you're fairly safe.
      There is a strain of malware that exists to hack into KeePass databases while the program is running; that being said, there's no reason to go without strong, reputable antivirus/antimalware these days...none whatsoever. ("I'm smart, I don't surf pr0n or risky sites!" is not an can be hacked without using a browser!)

  7. Anonymous
    February 5, 2016 at 8:06 pm

    Also, any decision makers responsible for the profusion of websites that refuse to allow passwords containing symbols should be given 15 minutes to clear out their offices.

    • Anonymous
      February 11, 2016 at 1:47 pm

      Also those that allow only 10 character passwords (I'm talking to you, Jack Henry Associates/NetTeller!)

  8. Fik of borg
    February 5, 2016 at 1:12 pm

    I try to use strong passwords (for instance, initials of movie quotations vaguely related to the service the password is for, with some digits thrown in), but I don't feel safe using an online password manager like Lastpass. Instead I use a semi-private, semi-open-source solution: an encrypted KeePass database synced with Dropbox between devices.

    My method does not solve another issue: the need to share some but not all of the passwords, or give limited access (read but not to change).

  9. Anonymous
    February 5, 2016 at 10:03 am

    I Use Weak Passwords For Services I Do Not Care About, But I Can Fairly And Easily Create, And Remember, Individual Passwords For All Others.

    Using Password Managers ? - Not Me.

    Why Would I Give All My House Keys To A Third Party Service Or Software ?

    What Could Possibly Go Wrong ?

    • Anonymous
      February 11, 2016 at 1:48 pm

      You Could Get Hacked, And Be Forced To Type In Initial Caps Everywhere.

      • Anonymous
        February 11, 2016 at 2:57 pm

        I Do Not Type Initial Caps, I Use A CHROME Extension.


        I Warned You Before To Ignore My Posts.

        What Will Happen The Odd Day That You Happen To Wake On The Right Side Of The Bed ? - Will You Commit Suicide ?

  10. Anonymous
    February 5, 2016 at 6:49 am

    My comment disappeared, so here it is again;

    Other than using a password manager which automatically generates strong random strings of at least 16 characters, the best option for creating a memorable but difficult to hack password is to use the first letters of a phrase, and capitalise some letters and include punctuation. For example, "My 1st car was a Purple Ford Falcon. I loved that car, although it was somewhat unreliable!" gives a password of "M1cwaPFF.Iltc,aiwsu!"

    According to zxcvbn password test [Broken Link Removed] that would take centuries to hack, yet is easy to remember. Note that the phrase must be something personably memorable, and NOT a phrase from anything published, such a poems or songs or phrases from the bible, as hackers already check for many common phrases.

  11. Anonymous
    February 5, 2016 at 5:34 am

    I use LastPass to manage my passwords.

  12. Anonymous
    February 4, 2016 at 11:53 pm

    Assuming randomly selected characters, lower case letters only give 4.7 bits of entropy per character, lower+uppercase gives 5.7 bits per character, lowercase+uppercase+numbers give 6 bits per character, and lower+upper+numbers+special characters give 6.6 bits per character.

    So special characters and numbers help but don't add much; a slightly longer and un-guessable (not a dictionary word, quotation, or Star Wars quote) password is good enough.

  13. Kilroy
    February 4, 2016 at 10:50 pm

    The truth is that any password you can create and remember is too week by today's standards. Because you're no longer protecting yourself from someone who knows you and is attempting to log in the same way you do. You are attempting to protect yourself from when the organization requiring the password looses your password. Then all bets are off.

  14. Anonymous
    February 4, 2016 at 9:57 pm

    The worst password that I can remember ever using was drowssap. Granted, this was many years ago, and my technique has improved greatly since then. At least I hope it has!