Information Technology Services (ITS)

The Worst Passwords of 2014

Published on: January 21, 2015

It’s that time again! In 2014, it is estimated that more than 3.3 million passwords were leaked through various security breaches.  The annual list of the most commonly used passwords of 2014 is out, and the top 25 passwords are surprisingly easy to guess.

To help protect your privacy and your accounts, ALWAYS make sure to choose a difficult to guess password. Keep in mind that no matter how strong your password is, it should also never be the only password you use.  Use different passwords for different accounts, this way if your Twitter account is compromised, it won’t mean that your online banking is exposed to the same risk.

What makes a strong password?

There are many online guides and tools that help you generate a strong password; however, the key principles of making a strong password are simple:

  1. Make the password at least 8 characters long, or longer where permitted.
  2. Don’t use any common phrases, such as the ones listed below, or your birth date and name.
  3. Use a variation of capital letters and numbers: Don’t always start with a capital letter and end with a number.  Mix it up!
  4. Don’t be afraid to include special characters such as #$%&@

In addition, make sure to change your passwords on a regular basis and properly secure your devices.  Remember, University of Toronto will NEVER ask you for your username and password.  

Courtesy of SplashData, here is the list of the worst passwords of 2014:

  1. 123456
  2. password
  3. 12345
  4. 12345678
  5. qwerty
  6. 123456789
  7. 1234
  8. baseball
  9. dragon
  10. football
  11. 1234567
  12. monkey
  13. letmein
  14. abc123
  15. 111111
  16. mustang
  17. access
  18. shadow
  19. master
  20. michael
  21. superman
  22. 696969
  23. 123123
  24. batman
  25. trustno1