The most popular one of all? “123456.” ?

Cybersecurity is on many people’s minds these days, and yet using “password” as a password is apparently still a thing.

On Friday, password management company Keeper Security released a list of the most common passwords of 2016 ― and it’s, well, shameful.

The most popular password, making up nearly 17 percent of the 10 million passwords the company analyzed, was “123456.” “Password” was also among the top 10 passwords, coming in as the eighth most common.

Keeper Security assembled the list using a collection of passwords that were leaked through data breaches in 2016. The company didn’t include leaked passwords if the breaches were announced that year but occurred prior to 2016, co-founder and CEO Darren Guccione noted in a blog post that revealed the findings.

Scroll down to see the full list of common passwords.

Keeper Security advised users to select a password that’s more than six characters long and contains a variety of characters — including numbers, uppercase and lowercase letters, and even special characters. The company also suggests avoiding full words, which it refers to as “dictionary terms.”

Two of the most common password-cracking techniques are dictionary cracks and brute force cracks, Keeper Security says.

Dictionary cracks try combinations of known passwords and personal information. This may include a user’s favorite sports team, children’s names, phone numbers or birthdays. Brute force cracks often use machines to compile potential passwords that wouldn’t be found in a dictionary.

“Machines that can be purchased for less than $1,000 are capable of testing billions of passwords per second,” Keeper Security warns on its website.

Though Guccione admonished internet users for not selecting more secure codes, he also said websites are responsible for protecting their users.

“What really perplexed us is that so many website operators are not enforcing password security best practices,” he wrote. “While it’s important for users to be aware of risks, a sizable minority are never going to take the time or effort to protect themselves. IT administrators and website operators must do the job for them.”


  1. 123456
  2. 123456789
  3. qwerty
  4. 12345678
  5. 111111
  6. 1234567890
  7. 1234567
  8. password
  9. 123123
  10. 987654321
  11. qwertyuiop
  12. mynoob
  13. 123321
  14. 666666
  15. 18atcskd2w
  16. 7777777
  17. 1q2w3e4r
  18. 654321
  19. 555555
  20. 3rjs1la7qe
  21. google
  22. 1q2w3e4r5t
  23. 123qwe
  24. zxcvbnm
  25. 1q2w3e

Did your password make the list of shame? If so, it may be time to do some serious updating, or risk kissing your internet security goodbye.


Find out how to protect yourself and business at: