Creating a new password? Take a look at some of the best and worst passwords of all time


Live Cyberstrong with your first line of defence to your digital life. Check out our #BSHARP guide as we take a closer look at some of the best and worst passwords of all time.

Setting up a secure password is both an art, and a science. Sure, anyone can follow the on-screen instructions and churn out @#$FtlU46KwwY7%. But it takes skill to create a password that you can also remember easily, and not take 27 attempts to key in when fumbling on your phone (and get locked out of your accounts in the process). Here are the best and worst passwords of all time:

Starting with the worst…

#10: No password

#9: Your username or actual name

#8:           (You can’t see anything because we just hit the spacebar ten times. The password is all spaces. Which may seem clever, but it’s really easy to crack).

#7: Incorrect (The idea is that, if you ever enter the wrong password, the system will say “your password is incorrect” and thus “remind” you. Yup.)

#6: Your PIN number, or any password that is being used for your other accounts

#5: Admin, or any variation thereof, like admin123

#4: Password

#3: Qwerty

#2: 111111, or any single repeated digit or letter

#1. 123456

What makes these passwords bad? Well for starters, a lot of them are already very common. And according to MIT Technology Review, password generating software have begun to take advantage of this.

This type of software used to endlessly try multiple passwords, letter by letter or word by word (assuming the system doesn’t limit password attempts). But today, they no longer just guess at random – the software is able to guess the most likely passwords, based on data such as previous leaked information. And everything on the list above is commonly used, so they’d be the first to be tried.

In fact, if you use a common password, a hacker may not even need password generating software to break into your system. If you went around a typical office and typed “password” into every system, we’re willing to bet you’ll get into more than a few.

Also, you should never repeat passwords for different accounts. One of the first things a hacker typically tries, after cracking one of your accounts, is to apply the same password to others. So if your email password is also your PIN number, for example, you’re giving two-for-one access to the hacker.

What makes a strong password? Well, here are some solid examples:

(Please don’t compare them exactly! Just note the principles behind them)


The above can be remembered as four words: Iron Crane Bell Kite. But it also uses substitutions, such as “3” for “e”, so it’s not using a straight dictionary word. Along with the character length, this will make it harder to crack with a password generator (12 characters should be the minimum).

While you may have trouble remembering the exact characters, you can at least remember the overall phrase (Iron Crane Kung Fu is awesome). This is better than a completely random jumble of characters that, while strong, may be nigh-impossible to memorise.

Anyway, better to have to reset the password than to have someone break in.

Here’s another example:


(Calendar, trinket, dock, shipwreck)

Apart from disguising the dictionary words, this strings four random items together. It’s a little harder to remember than a phrase but again, easier to recall than a string of gibberish (just visualise the four items, after a while they’ll “stick”).

Note that you can also deliberately misspell certain words -such as shipwreck- to throw off the pattern.

Key principles of the best passwords:
  • Be random, don’t use common sayings or clichés

  • Substitute letters with symbols

  • Use at least 12 characters

  • Don’t re-use old passwords

1. Be random, don’t use common sayings or clichés

Avoid common combinations of words, such as “end of the day” or “she sells sea shells”. The more random the combination, the better. Try to make the combination grammatically incorrect.

2. Substitute letters with symbols

Be creative here, and avoid substitutions that are too obvious, such as replacing “loose” with l00se”. Random character types make it harder to guess your password.

3. Use at least 12 characters

Password generators fire off thousands of potential combinations per minute. But even adding a single other character can result in the generator having to search thousands more combinations; so the longer the better. At the very least, you want 12 characters.

4. Don’t re-use old passwords

Besides obvious details like your name, or “password”, one of the first things hackers try is a previous leaked password. Many people, after forgetting and recovering their password, go back to the old one as it’s easier to remember. Don’t be one of them!

Using stronger passwords isn’t the be-all and end-all of security of course. You also need to watch out for phishing emails and websites, or any sneaky malware; but a stronger password is an easier way to improve your online defences.

Staying safe online should not be taken for granted. Here are some other tips on how to #BSHARP and protect yourself in the digital space so you can live more, worry less.

You May Also Like

Recommended for you

Based on your read
Based on similar interests
Last Read