Most commonly used (and leaked) passwords of 2016

A password. Sometimes they’re simple, and sometimes they have to be so complex that even a genius couldn’t remember them. While we sometimes think of passwords as an extra step between us and the information we want to access, they really are much more than that.

We put a lot of trust in websites to keep our data safe. Every day people are sending e-mail, posting on social media, conducting financial transactions, and accessing health information, through a large number of websites and service providers. The only thing that keeps this information safe, and out of the hands of criminals, is your password. This is why some websites enforce strong passwords; because the stronger your password, the more secure your data is.


However, sometimes people forget how important having a strong password is.


Cybersecurity firm Keeper has released a new study into the most common passwords of 2016. Keeper analyzed 10 million passwords that became public in 2016 through online data breaches, and compiled a list of the most common.

The most commonly used password in 2016 (and 2015, and 2014) was “123456“. This password alone accounted for almost 17% of the passwords that were analyzed. That means approximately 1.7 million of the passwords that were leaked online in 2016 were “123456”. That’s a lot of insecure accounts!


Below you can find the top 25 most used passwords, from most to least popular:

  1. 123456
  2. 123456789
  3. qwerty
  4. 12345678
  5. 111111
  6. 1234567890
  7. 1234567
  8. password
  9. 123123
  10. 987654321
  11. qwertyuiop
  12. mynoob
  13. 123321
  14. 666666
  15. 18atcskd2w
  16. 7777777
  17. 1q2w3e4r
  18. 654321
  19. 555555
  20. 3rjs1la7qe
  21. google
  22. 1q2w3e4r5t
  23. 123qwe
  24. zxcvbnm
  25. 1q2w3e


If you use any of these passwords it is highly recommended that you change it immediately.


Sometimes your personal information can be leaked online when a website is compromised or hacked, and regardless of how secure your password is this information can get into the wrong hands.

There is a great website online, built by security researcher Troy Hunt, that allows you to check if your information was contained in any data leaked through online security breaches. The website “have i been pwned” can be found at https://haveibeenpwned.com/ and is free to use.

We would also recommend using their free “Notify Me” service which notifies you any time your information is leaked online in the future.

The “have I been pwned” database contains information on over 2 billion accounts that were leaked from 181 websites, including sites like MySpace, LinkedIn, Adobe, Dropbox, Tumblr, online dating site, and many more. No website is off-limits when it comes to data breaches, as sites like Acne.org, Domino’s Pizza, and grocery store Tesco have all had data leaked online. You can see a full list of the 181 sites with data in the “have I been pwned” database here: https://haveibeenpwned.com/PwnedWebsites

It’s really worth checking to see if your information was included in any of the data that was leaked.


Hopefully with this information you can help keep your online accounts secure.


Leave a Reply