The passwords you should never use

An annual report, now in its eight year, has analysed the worst passwords of 2018 giving us an insight of what people are using, but more to the point what you shouldn't be using.

Account hacking is a real and genuine threat, so making sure you have a safe and secure password for all your accounts is an absolute must. We are constantly told to try and avoid using the same password for everything, but remembering so many different passwords can be a nightmare.

Thankfully, there are software programmes and apps out there to handle that task for you and help keep you safe online. But before we do it's worth pointing out here are the most popular passwords used online that you shouldn't even think about using.

Passwords you shouldn't be using

It seems people still like using: "123456" and "password" with both occupying the number 1 and 2 slots respectively on the list compiled by SplashData. 

Despite pleading from security experts, many of us still use go-to, easy-to-recall passwords for most of our online accounts. In 2016, Gemalto surveyed 9,000 consumers from around the globe, including in the UK and the US, and found that 70 per cent of respondents believe the responsibility for protecting and securing customer data lies with companies (where as only 30 percent thought it was up to themselves).

So, it's no surprise that SplashData's annual list of commonly used passwords still contains strings of characters and letters that even the most basic hackers could figure out and use against you.

SplashData estimates almost 10 per cent of people have used at least one of the 25 worst passwords on this year’s list, and nearly 3 per cent of people have used the worst password, 123456. Ouch. 

It's list is from the 5 million plus passwords leaked in 2018 presumably from companies such as yahoo, Starwood, and others passwords like "123456789", "monkey", and "qwerty" all made an appearance in the top 25 worst passwords found.

Perhaps an ode to the current US President, "donald" featured on the list for the first time at number 23. 

The full list of worst passwords:




















[email protected]#$%^&* 






Many companies have stepped up their efforts to ensure we use strong passwords. Apple automatically now suggests "strong passwords" when any form pormpts you to create one, while Microsoft offers several tips on how to choose safe passwords too. It says that a good password should be eight or more characters long, not be your user name, real name, or company name, and, in fact, not contain a complete word at all. It should also be different to passwords used elsewhere and contain at least one each of the following: an upper-case letter, a lower-case letter, a number and a symbol (such as £ or $).

Apps to protect your passwords

Now we've cleared that up, let us run you through a couple of the best we've found to help keep account hackers at bay.


This is a password manager. It remembers all your passwords for you, lets you generate passwords, and easily signs you in to sites and apps.


LastPass is available across the vast majority of internet browsers and mobile devices, and can be used on both Windows and Mac. It's installed as an extension in your browser and appears as a button in the browser toolbar so you can quickly and easily manage your LastPass account.

While it will remember all your passwords for all your accounts, it does require you remember just one master password to login with, which shouldn't be too hard at all. You'll want to make this password as strong as you can, to prevent anyone from hacking in and stealing all your other passwords.

You save passwords to your 'vault', and you can either add them manually, or get LastPass to save them automatically the next time you login to a particular site or service.

If you want to change one of your current passwords to something different, you can, and LastPass can generate a random sequence of letters and numbers to make your account extra secure. And of course, you won't need to worry about remembering the tricky sequence as LastPass will do that for you.

You can download the mobile app to your device as well, and all your saved passwords will sync across, just as long as you remember that all-important master password. While it will remember passwords for any websites you visit on your mobile device, you'll need to pay a small monthly fee for it to remember passwords for your applications.

You don't just have to save account passwords in LastPass though, as it can also be a place to store notes, Wi-Fi passwords or details of your driving license and you can save your debit and credit card details so you can autofill them in when you go to buy something online.


KeePass is a free-to-download, open-source password manager for Windows. You can install it on Linux and Mac computers, but you'll need to run it through Mono, which lets you install Microsoft applications on different platforms.

There are unofficial ports available for iOS, Android, Windows Phone and BlackBerry devices. We'll be sticking to talking about the official version for Windows PC here.

KeePass works much in the same way as LastPass by storing usernames and passwords for different accounts in a database as encrypted files. You can also store notes and other file attachments.

The database of passwords is secured by a master password, key files and/or the current Windows account details, and everything is stored locally on your computer as opposed to in the cloud.

KeePass has a password generator to come up with super secure passwords to use for your different accounts and it supports a vast number of plug-ins, all of which can be seen on KeePass's website.

Because of the slightly more difficult way to install KeePass on Mac and Linux-based systems, we'd say it's only really a worthy contender for Windows users. 


Dashlane works in a very similar way to LastPass. It works across various browsers and mobile devices, and can generate passwords with up to 28 characters to make them virtually impossible to bypass. Dashlane will monitor the passwords you have saved for all your accounts, and will instantly let you know if any of your accounts are compromised.

When you first install Dashlane, it will scan the history of any internet browsers you have installed and check for any saved passwords. Whatever it finds it can then import. It's a really handy way to get all your passwords saved instantly, instead of having to remember where you have accounts or manually saving them each time you login to a new website. 

When you login to Dashlane, you'll need to enter your email address and then a security code that is sent to that email. Once you've put that in, you'll then be asked for your master password. 

If any of your saved passwords are old and in need of a refresh, Dashlane can do so at the click of a button. Simply select the passwords you wish to change, press 'change' and they'll be updated and saved with new ones. It can also tell you how safe your current passwords are, in this case of this writer, the passwords could definitely do with an update.

Unlike LastPass however, Dashlane can't store passwords for applications on your mobile devices.

There is a Premium tier of Dashlane which gives you unlimited password syncing across all your devices, gives you a secure and encrypted backup of your account in the cloud and allows you to login to your Dashlane account from any web browser.

LogMeOnce Password Manager

LogMeOnce works as a browser extension, so can be used across Windows and Mac, as well as iOS and Android. Like the other password managers on this list, LogMeOnce can ask you for a master password to login, but it actually has password-less login set by default.

It's available in separates guises for businesses and consumers, and instead of typing in a password, you need to pair your account with your smartphone. When you try to login through a web browser, you'll receive a prompt on your mobile device so you can verify your identity.

LogMeOnce will either ask you for a PIN code, a fingerprint scan or PhotoLogin, which shows you a photo on your device, taken by the webcam on your computer. If you see a picture of yourself, you confirm it's you and you can login.

It can generate passwords with 15 characters by default, and can tell you approximately how long a password you choose yourself could take to decipher. LogMeOnce also asks you to change your passwords every three months by default, but you can upgrade to the Ultimate tier to set this timescale to your own personal preference.

If you happen to lose your mobile device and someone else tries to login on it, LogMeOnce will automatically take a photo using both the front and rear cameras and send them to your online dashboard. You can then view the photos to see who has your phone, along with their GPS location and IP address.

The cloud dashboard interface, which gives you an overview of all the websites you have passwords saved for, isn't as good looking as the likes of LastPass or Dashlane, but it gives you several tabs to store different passwords, such as 'work', 'family', 'finance' and 'travel'.

There are three tiers available: Premium which is free, Professional which is $12/year or Ultimate which costs $39/year. 

Sticky Password

Sticky Password is another browser tool that stores your password behind a master password key but can also rely on fingerprint authentication to log you into your account. It's support across several platforms including iOS, Windows, Mac and Android, and has extensive browser support.

The free tier doesn't let you sync data across your devices, that benefit is reserved for the Premium tier. With it, you can sync your password data to your devices via local Wi-Fi or via the cloud, you can also save an encrypted backup of your passwords to the cloud if you wish.

If you pay for the Premium tier, a portion of the money goes to help support endangered manatees, so you'll be doing some good, along with keeping your accounts safe. 

We prefer the interface of LastPass and Dashlane, but Sticky Password is still easy and simple to use and is a great option for storing all your passwords in one place. 

Great general tips for keeping your passwords safe

We have so many accounts for various sites these days and whether it be social media, shopping or email, there seem to be more and more passwords to remember.

These passwords are so important as they protect a significant amount of information about you that you wouldn't want getting into the wrong hands so here are a few tips on making your passwords more secure.

Use different passwords

While it is difficult to remember one password, let alone 10, it is worth trying to anyway as it's better to make sure all your passwords aren't the same.

Create a system that you can easily remember and that uses a base password but adds an element for the site in question, such as PasswordTwitter.

Don't write your passwords down

It's tempting to write your passwords down, especially when you have different ones for different accounts, remembering them all can be a minefield but don't do this.

Chances are you have a several bits of paper near you with various passwords on them, which if you do, you should get rid of them. Equally, if you have them on an email, or auto-saved then make sure you have a locked screensaver on your computer so if your computer was stolen, you haven't offered all of your passwords to the thieves.

Make it hard to guess

Ideally your passwords should be more than 8 characters long and use a combination of letters and numbers. There are some sites that force this, while others don't but it's worth using it as a rule of thumb anyway.

You could try spelling out a word and replace the vowels with numbers, take a phrase and use the first letter of each word to create a password or remove some letters from a word such as Facbok.

Other tips for making passwords harder to guess include adding random punctuation, misspell your word, use two or more words by adding an underscore or hyphen inbetween or use a really long word.

Don't give it out

Not giving it out might seem obvious but that doesn't stop people ignoring this golden rule. You might just be giving it to your partner or friend, asking them to check your email, or you could be passing it on to a colleague for one reason or another.

Whatever the reason, it isn't a good enough one. Passwords should be kept to yourself no matter what.

Change your password regularly

While you should never change your password based on a request from an email or website, it is worth making sure you change your passwords on a regular basis.

One tip for doing this but making sure you remember what you have changed it to is to add an element to your current password that loops every 12 months or has a theme.

For example, you could do something like Password1 for January and Password12 for December, and if you change them them out of sequence, it will improve the strength of your password.


Compiled by Olalekan Adeleye


Rate this item
(0 votes)