The top 10 awfully bad passwords people use

Many end users don't understand the need for good passwords, report shows

You might think that after nearly two decades of data breaches, identity theft and other online risks, your average end user would understand by now the importance of creating strong passwords and protecting them.

You would be wrong.

Data security firm Imperva analyzed 32 million passwords that a hacker stole from an application developer called, and  published a report of the findings earlier this year – including the 10 most-commonly used passwords, all of them terrible.

They are:

  1. 123456
  2. 12345
  3. 123456789
  4. Password
  5. iloveyou
  6. princess
  7. rockyou
  8. 1234567
  9. 12345678
  10. abc123

Entry No. 7, "rockyou," is the name of the Web site for which the users created the password. Their and passwords are probably "amazon" and "audible," respectively.

Nearly half of the users created easily guessable passwords, including names, dictionary words and strings of consecutive numbers, according to the report. The most common password found was "123456."

"Everyone needs to understand what the combination of poor passwords means in today's world of automated cyberattacks: With only minimal effort, a hacker can gain access to one new account every second — or 1,000 accounts every 17 minutes," said Amichai Shulman, Imperva's chief technology officer, in a written statement that accompanied the release of the findings. "The data provides a unique glimpse into the way that users select passwords and an opportunity to evaluate the true strength of passwords as a security mechanism. Never before has there been such a high volume of real-world passwords to examine."

Download the full report.



About the Author

Technology journalist Michael Hardy is a former FCW editor.


  • 2018 Fed 100

    The 2018 Federal 100

    This year's Fed 100 winners show just how much committed and talented individuals can accomplish in federal IT. Read their profiles to learn more!

  • Census
    How tech can save money for 2020 census

    Trump campaign taps census question as a fund-raising tool

    A fundraising email for the Trump-Pence reelection campaign is trying to get supporters behind a controversial change to the census -- asking respondents whether or not they are U.S. citizens.

  • Cloud
    DOD cloud

    DOD's latest cloud moves leave plenty of questions

    Speculation is still swirling about the implications of the draft solicitation for JEDI -- and about why a separate agreement for cloud-migration services was scaled back so dramatically.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.