The Top 500 Worst Passwords of All Time
From the moment people started using passwords, it didn’t take long to realize how many people picked the very same passwords over and over. Even the way people misspell words is consistent. In fact, people are so predictable that most hackers make use of lists of common passwords just like these. To give you some insight into how predictable humans are, the following is a list of the 500 most common passwords. If you see your password on this list, please change it immediately. Keep in mind that every password listed here has been used by at least hundreds if not thousands of other people.
There are some interesting passwords on this list that show how people try to be clever, but even human cleverness is predictable. For example, look at these passwords that I found interesting:
ncc1701 The ship number for the Starship Enterprise
thx1138 The name of George Lucas’s first movie, a 1971 remake of an earlier student project
qazwsx Follows a simple pattern when typed on a typical keyboard
666666 Six sixes
7777777 Seven sevens
ou812 The title of a 1988 Van Halen album
8675309 The number mentioned in the 1982 Tommy Tutone song. The song supposedly caused an epidemic of people dialing 867- 5309 and asking for “Jenny”
“…Approximately one out of every nine people uses at least one password on the list shown in Table 9.1! And one out of every 50 people uses one of the top 20 worst passwords..”
Lists the top 500 worst passwords of all time, not considering character case. Don’t blame me for the offensive words; you were the ones who picked these, not me.
| NO | Top 1-100 | Top 101–200 | Top 201–300 | Top 301–400 | Top 401–500 |
| 1 | 123456 | porsche | firebird | prince | rosebud |
| 2 | password | guitar | butter | beach | jaguar |
| 3 | 12345678 | chelsea | united | amateur | great |
| 4 | 1234 | black | turtle | 7777777 | cool |
| 5 | pussy | diamond | steelers | muffin | cooper |
| 6 | 12345 | nascar | tiffany | redsox | 1313 |
| 7 | dragon | jackson | zxcvbn | star | scorpio |
| 8 | qwerty | cameron | tomcat | testing | mountain |
| 9 | 696969 | 654321 | golf | shannon | madison |
| 10 | mustang | computer | bond007 | murphy | 987654 |
| 11 | letmein | amanda | bear | frank | brazil |
| 12 | baseball | wizard | tiger | hannah | lauren |
| 13 | master | xxxxxxxx | doctor | dave | japan |
| 14 | michael | money | gateway | eagle1 | naked |
| 15 | football | phoenix | gators | 11111 | squirt |
| 16 | shadow | mickey | angel | mother | stars |
| 17 | monkey | bailey | junior | nathan | apple |
| 18 | abc123 | knight | thx1138 | raiders | alexis |
| 19 | pass | iceman | porno | steve | aaaa |
| 20 | fuckme | tigers | badboy | forever | bonnie |
| 21 | 6969 | purple | debbie | angela | peaches |
| 22 | jordan | andrea | spider | viper | jasmine |
| 23 | harley | horny | melissa | ou812 | kevin |
| 24 | ranger | dakota | booger | jake | matt |
| 25 | iwantu | aaaaaa | 1212 | lovers | qwertyui |
| 26 | jennifer | player | flyers | suckit | danielle |
| 27 | hunter | sunshine | fish | gregory | beaver |
| 28 | fuck | morgan | porn | buddy | 4321 |
| 29 | 2000 | starwars | matrix | whatever | 4128 |
| 30 | test | boomer | teens | young | runner |
| 31 | batman | cowboys | scooby | nicholas | swimming |
| 32 | trustno1 | edward | jason | lucky | dolphin |
| 33 | thomas | charles | walter | helpme | gordon |
| 34 | tigger | girls | cumshot | jackie | casper |
| 35 | robert | booboo | boston | monica | stupid |
| 36 | access | coffee | braves | midnight | shit |
| 37 | love | xxxxxx | yankee | college | saturn |
| 38 | buster | bulldog | lover | baby | gemini |
| 39 | 1234567 | ncc1701 | barney | cunt | apples |
| 40 | soccer | rabbit | victor | brian | august |
| 41 | hockey | peanut | tucker | mark | 3333 |
| 42 | killer | john | princess | startrek | canada |
| 43 | george | johnny | mercedes | sierra | blazer |
| 44 | sexy | gandalf | 5150 | leather | cumming |
| 45 | andrew | spanky | doggie | 232323 | hunting |
| 46 | charlie | winter | zzzzzz | 4444 | kitty |
| 47 | superman | brandy | gunner | beavis | rainbow |
| 48 | asshole | compaq | horney | bigcock | 112233 |
| 49 | fuckyou | carlos | bubba | happy | arthur |
| 50 | dallas | tennis | 2112 | sophie | cream |
| 51 | jessica | james | fred | ladies | calvin |
| 52 | panties | mike | johnson | naughty | shaved |
| 53 | pepper | brandon | xxxxx | giants | surfer |
| 54 | 1111 | fender | tits | booty | samson |
| 55 | austin | anthony | member | blonde | kelly |
| 56 | william | blowme | boobs | fucked | paul |
| 57 | daniel | ferrari | donald | golden | mine |
| 58 | golfer | cookie | bigdaddy | 0 | king |
| 59 | summer | chicken | bronco | fire | racing |
| 60 | heather | maverick | penis | sandra | 5555 |
| 61 | hammer | chicago | voyager | pookie | eagle |
| 62 | yankees | joseph | rangers | packers | hentai |
| 63 | joshua | diablo | birdie | einstein | newyork |
| 64 | maggie | sexsex | trouble | dolphins | little |
| 65 | biteme | hardcore | white | 0 | redwings |
| 66 | enter | 666666 | topgun | chevy | smith |
| 67 | ashley | willie | bigtits | winston | sticky |
| 68 | thunder | welcome | bitches | warrior | cocacola |
| 69 | cowboy | chris | green | sammy | animal |
| 70 | silver | panther | super | slut | broncos |
| 71 | richard | yamaha | qazwsx | 8675309 | private |
| 72 | fucker | justin | magic | zxcvbnm | skippy |
| 73 | orange | banana | lakers | nipples | marvin |
| 74 | merlin | driver | rachel | power | blondes |
| 75 | michelle | marine | slayer | victoria | enjoy |
| 76 | corvette | angels | scott | asdfgh | girl |
| 77 | bigdog | fishing | 2222 | vagina | apollo |
| 78 | cheese | david | asdf | toyota | parker |
| 79 | matthew | maddog | video | travis | qwert |
| 80 | 121212 | hooters | london | hotdog | time |
| 81 | patrick | wilson | 7777 | paris | sydney |
| 82 | martin | butthead | marlboro | rock | women |
| 83 | freedom | dennis | srinivas | xxxx | voodoo |
| 84 | ginger | fucking | internet | extreme | magnum |
| 85 | blowjob | captain | action | redskins | juice |
| 86 | nicole | bigdick | carter | erotic | abgrtyu |
| 87 | sparky | chester | jasper | dirty | 777777 |
| 88 | yellow | smokey | monster | ford | dreams |
| 89 | camaro | xavier | teresa | freddy | maxwell |
| 90 | secret | steven | jeremy | arsenal | music |
| 91 | dick | viking | 11111111 | access14 | rush2112 |
| 92 | falcon | snoopy | bill | wolf | russia |
| 93 | taylor | blue | crystal | nipple | scorpion |
| 94 | 111111 | eagles | peter | iloveyou | rebecca |
| 95 | 131313 | winner | pussies | alex | tester |
| 96 | 123123 | samantha | cock | florida | mistress |
| 97 | bitch | house | beer | eric | phantom |
| 98 | hello | miller | rocket | legend | billy |
| 99 | scooter | flower | theman | movie | 6666 |
| 100 | please | jack | oliver | success | albert |
on July 5th, 2012 at 9:41 am
Fortunately none of mine appeared on there. Of course, most of mine are in Quenya and Sindarin or are the keystrokes needed to type them in Tengwar. The latter creates the most secure passwords I’ve ever seen. Check out http://en.wikipedia.org/wiki/Tengwar#Encoding_schemes to see what I mean. Good luck hacking a complicated encoding system whose original word is in a fictional language barely spoken by a handful of people.
on July 23rd, 2012 at 6:20 am
It seems that passwords are cars , women , sex and rock’n’roll 😀
on August 2nd, 2012 at 5:51 am
Password Generation can be very creative 🙂 Can remember the first masterkey passwords for motherboard BIOS and CMOS systems 15 years ago 🙂
In General you should use a combination of alpha numeric, numeric and special characters combined with upper and lower case sensitivity. Simply take remember a whole sentence and take only the first character of each word.
on August 5th, 2012 at 11:38 am
Устройство бань, русская баня и баня
on August 14th, 2012 at 3:20 pm
Thank you for your service, its a great help keeping the nutters at bay,
on August 27th, 2012 at 1:14 pm
I used to use the password pretty. Knowing what I know now about passwords, I will never use something so simple again.
on August 27th, 2012 at 2:56 pm
My pass word used to be zombieslayerpopchicktatoeyes
on September 6th, 2012 at 5:54 am
[…] Kermit-5566, etc.) for a computer doing the guessing, it really doesn’t matter at all. The most used password roots are widely known and generally consist of real words, sequential numbers, and proper names.Chances […]
on January 22nd, 2013 at 3:39 pm
:[
on February 13th, 2013 at 12:06 pm
Omg I want to be an expert hacker can anybody give me lessons. I need a teacher hackergirl.kdcr@gmail.com
on February 28th, 2013 at 9:13 am
[…] Don’t set up weak passwords: Sounds like a given in today’s online world, but many users still use weak passwords, such as their pet’s name … or the name of their favorite sports team … or the ever popular “qwerty.” (For a list of the of the top 500 worst passwords of all time, go here.) […]
on August 31st, 2014 at 8:57 pm
Does anyone know of an app that will tell you as many different spelling variables for a certain password of your choice? Example… is my is to high for you\ismyiq2high4you\ismyiqtoohi4you.. and so on.
on October 21st, 2014 at 11:58 am
my primary school used #19 as the password on the pupils accounts
on November 25th, 2014 at 5:09 am
I WANT TO KNOW. The Key Number should be eight digit long and it
should contain at least one upper case letter (A,B,C,…), one lower case letter
(a,b,c,…), one digit (0,1,2,3,…) and one special character (! @ # $ % ^ * ( ) –
+ { } ; : ).
on November 25th, 2014 at 5:11 am
IN HIGH COURT ASSISTAT . ENTER THIS ……….The Key Number should be eight digit long and it
should contain at least one upper case letter (A,B,C,…), one lower case letter
(a,b,c,…), one digit (0,1,2,3,…) and one special character (! @ # $ % ^ * ( ) –
+ { } ; : ). The candidate is advised to note down the Key Number and to
BUT CONTINUOUSLY I ENTER MY KEY WORD. IT ALWAYS HAVING ERROR. WHAT IS THIS?
on January 22nd, 2015 at 12:35 pm
Since 1977, I have been using composite passwords. I started when an administrator at The Ohio University handed out these really difficult to remember passwords. People would write them down because no one could easily remember them. IMHO, difficult to remember passwords for an individual is almost as bad as the Top 500, not as bad, but close.
So what might be a good password? Well, not to give away my methodology, one I used to use was:
example might be:
WhatPasword_199.91$172%52
This works as the site name is WhatsMyPassword and the IP of the server. This way you need only remember taking the first, third word from the serer name and then the IP address (assuming it doesn’t change). Of course, using the Dataviz Password Plus program can also help.
Anyway, just a positive spin for anyone looking for a possible good password technique.
on May 6th, 2015 at 1:06 am
[…] Top 500 Worst Passwords of All Time […]
on June 26th, 2015 at 4:34 am
RE “How does “abgrtyu” come about ?” Look at your keyboard and follow this reasoning: go from A to B (first two letters of alphabet), at B go up a left diagonal (GR) and then right (TYU); that gives abgrtyu. I used capital letters just like it shows on keyboards.
on July 14th, 2015 at 1:33 pm
Lol the first 100 is all the passwords for the game “Amateur Hacker Simulator”
on July 14th, 2015 at 1:34 pm
and some of them aren’t appropriate at all -_-
on July 25th, 2015 at 4:07 am
[…] messages on Gmail, to buying things on Amazon. It used to be the case that as long as you avoided easily guessable passwords you’d be fine – unfortunately those days are long […]
on July 25th, 2015 at 4:10 am
Gostei muito desde site ! Mas quero aprender mais
on August 25th, 2015 at 1:00 am
[…] book Perfect Password: Selection, Protection, Authentication. The same table is reproduced here, […]
on September 16th, 2015 at 5:12 am
sir i want to know
how to crack wifi passward using android phone
on October 4th, 2015 at 2:24 pm
WHAT passwords do you guys suggest that we use for our password because I’m finding it hard to think of a password because everyone that I type says its to predictable soo please help me
on October 13th, 2015 at 7:01 am
[…] Frequently used passwords http://www.whatsmypass.com/the-top-500-worst-passwords-of-all-time http://weakpass.com/lists […]
on October 19th, 2015 at 10:37 am
gostaria muito que vc me ajudasse a descobrir a senha do face do meu marido,pois pequei uma conversa dele num face que tenho a senha e através desse face descobri que ele tem outro oque eu quero que bescubra pra mim é esse que vou te passar o e-mail ( taxioliveira-@agil.com ) o nome do usuario é ( Acelmo Rodrigues)por favor me ajude é muito importante pra mim obg aguardo resposta.
on October 22nd, 2015 at 4:40 am
[…] de bases de dados de vazamento de senhas. Achou grande demais? Tem uma lista menor, com as 500 senhas mais comuns, de uma só página. Vale dar uma […]
on November 16th, 2015 at 11:26 am
[…] are easier for a hacker to guess, whilst on the subject of short passwords please see the table here, If you have any of the ones listed then you should change it now. Complex high entropy passwords […]
on November 23rd, 2015 at 10:20 am
[…] you can find any variant of it in the top 500 worst passwords list, then you have a […]
on December 6th, 2015 at 7:48 am
hackearam meu instagram, iago_costa06 foi esse usuario ai
on December 27th, 2015 at 6:20 am
My passwords are not there. Hehehe 😝
on January 9th, 2016 at 12:29 am
passwors are so easy to guess
on January 30th, 2016 at 2:14 am
[…] tasso di successo ha anche l’uso di un dizionario composto dalle password più usate, come questo – suggerisco di buttarci l’occhio, per farsi un’idea di come spesso sia […]
on February 19th, 2016 at 5:07 pm
LAWL my password is not in here
on March 28th, 2016 at 9:55 am
A great fool side
on April 22nd, 2016 at 12:37 pm
What surprises me is “thx1138” is in there, but “reindeerflotilla” is not?
on April 28th, 2016 at 1:28 am
360 no scope mlg
on June 28th, 2016 at 12:23 pm
Password entropy lesson
xkcd.com/936/
on July 3rd, 2016 at 5:53 pm
Thanks for the page. I’m building a password generator called Password Gold, and having these references are great.
on August 25th, 2016 at 2:00 pm
hello I would like to discover the password for a gmail account as I do ?? need to find the password for that urgent care is a matter of urgency, have important files and projects in this account (reuben@gmail.com …….. I can not spend the email this person, most want to find out the password. . urgent thank you !!!
on August 29th, 2016 at 3:43 pm
Hello there,,,
I wish somebody help me to open my WD external drive ,
I have a ‘My Passport’ external hard drive unit. I have never setup a password for the unit and have always just plugged it into the computer and found my files via my computer.
I may have plugged the unit into the computer as it was still loading and I can no longer access my files. The unit is asking for a password?
Can you please help
My WD external drive Suddenly it is locked, I never put or used any password, and all over the sudden when I connect it to my pc it start asking for a password. sudden put a password on the drive.
Please do something I need to open my data witch it is very important to me and my family.
P/n: wdbabm750abk-00
s/n: wxb1a3065950
My email : zaben_@hotmail.com
on September 6th, 2016 at 7:25 pm
Using Inside jokes or memories could make some really strong passwords. I have a password based off of something I wrote with fridge magnets, and I highly doubt anyone would guess it.
on April 3rd, 2017 at 4:50 pm
What I hate are the sites that give you the option of answering a few simple questions if you forgot your password. Typically you are not able to make up the question – only the answer. Examples – what was your maternal grandmother’s first name? What was the make of your first car? What was you first pet’s name? In what city did you meet your spouse.
on April 11th, 2017 at 11:38 am
crackerjaq
on May 13th, 2017 at 9:35 am
Great article!
I’d be interested to know how the data was collected though…
Anyway a few comments in response to the comments above:-
Rich – Where is it written that you have to answer security questions truthfully? As long as YOU know what to answer! Simple, but (now obvious)) trick is to answer “Mother’s Maiden Name” (Very Common) with your Paternal Grandmother’s Maiden Name. I’m sure you can figure out others!
Dylan – One school district I worked in had independent networks in each school (few years ago, before cheap high-speed WAN connections were available). In order to make it easy for the (travelling) techs, all the networks had the same root / main / domain admin password. They took security very seriously and followed the golden rule. They made sure that their passwords remained “aSecret”!!!
Many of you – This is an article about making things secure. Do you honestly think that asking for advice on how to crack passwords is going to be productive?
I have tried many, many systems over the years. Famous quotes (2b0n2b), lines from songs or even Monty Python scripts! (tbafw – see if you can figure where that one came from, and yes, it is waaaay too short!) Now, I use a password manager.
Ultimately, however, it is systems managers who don’t understand how it all works and setting up crazy password policies that are mostly responsible for insecure systems (IMHO) I appreciate this article is about choosing a password, but I have real issues with the way many administrators set up the password policies. Like many things, what seems to make it more secure, actually has the opposite effect!
For example, the forced password change really pisses me off. Why do it?? Yes, I know “in case someone has discovered your password”, but it actually gives you a false sense of security (while irritating your users). Why? Well, to begin with, the users you are targeting are the ones that probably either don’t understand the risks, or don’t give a rat’s-ass. Either way, if you combine it with the common “8 characters, 1 upper case and 1 non-alphabetic” a large number will use a word and put the capital at the start and a number at the end. For example, “Password1”. So, let’s assume the password is compromised. User is forced by the password policy to change it. Hacker comes along and the password no longer works! Oh no! Foiled! Really, what’s the likelihood that “Password2” might work?
Next on my hit-list is insisting on particular types of characters actually reduces the number of potential passwords, which in turn leads to lower security. Combined with a bit of psychology and it gets worse! (Like my assertion that most people will put the digit at the end. That essentially takes an 8 character password and reduces it to 10 times a 7-character. So, instead of 218340105584896 possible passwords, we only have 3521614606208. One article I saw rated the former as taking a year to crack and the latter 10 weeks!
Next comes the account lockout. 3 attempts and you are locked. 3??? really? Many, many people I have had this discussion with have suggested that 3 is far too high. I say “poppycock”! NIST suggests setting it as high as 50 and I agree! “Heracy” I hear you cry! But, stop and thing for a minute. If a password can e guessed in 50 attempts, it really isn’t that secure in the first place. The statistical difference between 3 and 50, in a password space in the Billions or even Trillions is insignificant. BUT if a user knows they have lots of attempts, they are LESS likely to use the same password for everything and MORE likely to use a complex password – in other words, the very things we are trying to encourage!
Finally, think about what you are securing. At one company I worked at, the password policy that unlocked the “family jewels” so to speak (gained access to the network and, due to Single Sign-On, therefore Payroll, HR, Proprietary knowledge etc. etc.) was the common 8-character, 1 Upper Case, 1 Non alphabetic.. The Blog site, meanwhile, had 9-character, 1 Upper. 1 Numeric and 1 non alpha-numeric! If you run a public site. How important is security? It’s a trade off with usability and nobody is going to use a site that is unusable! Password Policies are a modern-day disease. It’s an attempt at providing a technological solution to what is, essentially, a social problem.
If I haven’t convinced you yet, let me ask you this…
When was the last time you visited the ATM or you Bank’s online banking website and were told to change your PIN / Password? Have you EVER had a PIN refused because it had been used before? Or wasn’t “complex” enough?
No, me neither! Now ask yourself why? Maybe because we all know it’s our money and needs to be secure. We take the responsibility. THAT’S what needs to happen! Now, actually making it happen is a different matter.
on May 13th, 2017 at 9:40 am
Having seen my comment (rant!) in full (As opposed to in this tiny edit box) I wish to apologize for two things:
1. Typos. Oops!
2. The length – I got on a roll!
😉
on June 27th, 2017 at 7:42 pm
My password used to be “fuckoff” but I got hacked. I don’t know how they guessed. I changed my password now. It is now “123456”. No-one will guess it now.
on October 28th, 2017 at 4:10 am
Ich schreibe gerade посмотреть, есть ли какой-нибудь nini hii inasema โชคดี vay’ nuqDaq ghoS pagh pa’ jang Suq chaq Daghaj sien jou op die plek waar die leeus later na drankies rondloop
on March 3rd, 2018 at 12:51 am
I have checked your website and i have found some duplicate content, that’s why you don’t rank high
in google, but there is a tool that can help you to create 100% unique content, search for;
Boorfe’s tips unlimited content