The 25 worst passwords people use to ‘protect’ themselves online

We spend most of our waking hours in front of some screen or another — our laptops, our office computers and the smartphones that science will one day just fuse to our palms for ease of use. All these gadgets and tools give us access to everything from the money we keep in the bank to time-wasting games, microblogs and social networks. And every one of those requires a password.

Passwords feel less super-spy than they did when the Internet was new, and some of us have gotten pretty complacent when it comes to picking ours out. And by “complacent,” we mean that there are some passwords that function less as “great digital protection” and more as “the worst thing you could possibly put between hackers and your checking account.”

SplashData, a company that specializes in security applications (so we can safely assume it knows what it’s talking about), releases a list of the worst passwords people use every year. A few days ago, it revealed the biggest offenders of 2015, with passwords that offer proof humans are nothing if not consistently apathetic.

More: Restaurant owner’s ‘unusual’ bathroom goes viral

Here’s the list. See your own password on it?

  1. 123456
  2. password
  3. 12345678
  4. qwerty
  5. 12345
  6. 123456789
  7. football
  8. 1234
  9. 1234567
  10. baseball
  11. welcome
  12. 1234567890
  13. abc123
  14. 111111
  15. 1qaz2wsx
  16. dragon
  17. master
  18. monkey
  19. letmein
  20. login
  21. princess
  22. qwertyuiop
  23. solo
  24. passw0rd
  25. starwars

It’s worth noting that “password” and “123456” have dominated those top two spots for years, presumably in some kind of battle for ultimate inferiority. There’s really not a whole lot to be surprised about here, except for maybe “starwars” and “monkey” (really, can that many people jump straight to “monkey” when it’s time to pick a password?), because the rest of these are essentially just word salad or lazily pressing every key in a straight line. Admittedly “letmein” sort of made us chuckle, but really, everyone? Do better. You’re adults.

By now we’ve all sat through enough lectures from the IT department and our high school tech lab teachers to know that passwords are important protection against things like hacks, malware and identity theft.

The password must be hard to guess, they say. Easy to remember, they say. A perfect, unhackable password is a mixture of uppercase and lowercase letters, ancient Aramaic, a powerful incantation written in WingDings and your go-to Powerball number pick, they tell us.

More: My family’s mess of a budget forced me to do things I never imagined

But that’s boring and hard, which is why people probably choose the lazy way out and pick terrible passwords. But January’s not yet over, so it’s not too late to vow to be better and start taking that one guy from IT and his impeccably pressed Dockers seriously. We are here to help you through it.

There are some quick-and-dirty rules to follow when it comes to picking new passwords, according to the information put out by SplashData:

  • Use passwords and pass phrases with 12 characters or more
  • Make sure your passwords are a combination of letters and numbers
  • Don’t use repeating or sequential numbers or letters (abc123, aaa111)
  • Don’t use the same password for multiple sites

That’s a great place to start, but there’s one thing on this helpful list — don’t use the same password over and over again — that presents something of a problem. This isn’t the ancient days of 2003 here, when all you needed to remember was your AOL password and maybe a LiveJournal login. This is Futureland, where everything is online, and it isn’t uncommon to have 50 or more password-protected accounts.

Luckily there’s a solution for that too: more technology! Apps exist that make it super simple to safely store, change and analyze passwords from one source, so if you are as sucky as the average person is at thinking up new passwords or remembering all the ones you’ve already created, consider trying one out.

More: The F-word: SheKnows contest challenges you to call it what it is

LastPass is by far the most popular password manager out there. It can be downloaded for iPhone and Android or used in a browser, and it’s a pretty neat tool that doesn’t leave anything out. After you download it, you’ll create a master password that allows you to access your password “vault” — an encrypted library of all your accounts and passwords. You can audit them for security, create new ones with a random generator and change passwords to other accounts through the app.

Dashlane is very similar, but people prefer it for its easy-to-use UI and security dashboard, which will tell you at a glance how many times you’ve reused a password (and change it, if you want to), which of your passwords are weak sauce and easily compromised, and it will even let you know if a password already has been compromised. It too can be downloaded through iTunes or Google Play.

You can enable TouchID or fingerprint verification on either app, just in case there was any question that we’re living in the world of tomorrow — today!

Now go change your password.