25 Most Commonly Stolen Passwords

How clever is your password? If it’s on the list below, your password is just as easily stolen as it is remembered. Protect yourself by making sure you’re not using one of the top 25 most commonly stolen passwords of 2017, as determined by IT security firm SplashData.

1. 123456

2. password

3. 12345678

4. qwerty

5. 12345

6. 123456789
7. letmein
8. 1234567

9. football

10. iloveyou
11. admin

12. welcome

13. monkey
14. login
15. abc123

16. starwars

17. 123123
18. dragon
19. passw0rd

20. master
21. hello

22. freedom

23. whatever

24. qazwsx

25. trustno1

How many accounts does the average internet user have?

The average internet user has 25 accounts to maintain. Despite a large number of accounts, those users only use an average of 6.5 different passwords to protect them, according to a Microsoft study.

Make sure your password is secure with these key requirements.

1. Change your passwords every 90 days. This might seem like a hassle at first, but hackers have a better chance of cracking your passwords if they never change. 

2. Passwords should be at least eight characters long. Criminals gain access to encrypted passwords and can use sophisticated programs to quickly guess every combination of letters, numbers, and symbols until your password is cracked. As a result, longer passwords and those that contain a large variety of characters will be very difficult for programs to guess.

3. Don’t use the same password for each account, or reuse a previous password when you do a 90-day change. Hackers target lower security websites and then test cracked passwords on higher security sites. Make sure each account has a different password.

4. Passwords should include uppercase letters, special characters and for added strength – a number. Special characters include symbols like “#,” “*,” “+” and “>.” Get creative!

5. Don’t use personal information, or reference anything about you that could be found in public records. Your facebook and twitter profile handles are bad ideas. So is your mothers maiden name, the digits in your cell phone number, and the name of the school you went to. You get the point.

6. Don’t use passwords that include bank account numbers, credit card numbers or birthdays. This should fall under rule #5  but because violation of this puts you at additional risk, we gave it it’s own number… Not only could hackers use these passwords to gain unauthorized access to our system, they could use these to empty your bank accounts or charge thousands of dollars to your credit cards.

Step By Step Password Creation


If you adhere the rules above without any method to your madness, there’s a good chance you’ll be seeing the “failed login” notification all too often.

Here’s our trick for stumping hackers, but not yourself:

1. The next time you need to think of a unique password, try using a favorite song lyric or quote. Turning a simple phrase like “your guess is as good as mine” into “yourguessisasgoodasmine” actually makes for a strong, and in this case ironic, password.

2. Be sure to insert:

– One or two numbers in a random location
– A capital letter
– A special character

3. Make sure that the 6 requirements above have been met (like making sure you haven’t used personal information that can be found in public records). 

So the secure password using the phrase above could be: 4yourGuessisasgoodasmine?

*Bonus Variation Method:
Think of an important event that has happened in your life. Then, create a sentence out of it. Complete your password by removing the spaces, turn a word or two into shorthand or misspell it, and add significant numbers if there are none in the sentence. For example, if you adopted two golden retrievers in 2015, you might end up with “2goldenretreevers15.”

Disclaimer: This article is provided for informational purposes only. The information provided herein is not intended to be exhaustive, not should it be construed as advice regarding coverage. Eligibility for coverage is not guaranteed and all coverages are limited to the terms and conditions contained in the applicable policy. 2017, Davis & Towle This Risk Insights is not intended to be exhaustive nor should any discussion or opinions be construed as legal advice. Readers should contact legal counsel or an insurance professional for appropriate advice. © 2011 Zywave, Inc. All rights reserved.

Contact Us

  • This field is for validation purposes and should be left unchanged.