Once again this year we take a look at the curious rankingof the worst passwords of 2018: it seems that the “symphony” –compared to the 2017 data – has not changed much.

The source is again SplashData: its analysis was based on more than five million passwords leaked on the Internet this year, on a worldwide scale.
The unbreakable “123456” and “password” remain infirst and second placeand are the most popular passwordsonline and the worst to use. Then there are the so-called extensions, i.e. equally simple sequences of numbers such as ‘123456789’. New entries include ‘111111’, ‘sunshine’, ‘princess’, ‘666666’, ‘654321’ and ‘donald’. Generally speaking, one often finds oneself dealing with names referring to people, pop culture or random things like “cookie” and “banana” or even years or dates of birth and very simple terms like “test”.


Who are the users who use these passwords?

According to SplashData, at least 10% of people have used one of the 25 worst passwords on the list compiled for 2018 and almost 3% have used the absolute worst password at least once. Another sore point: the majority of the five million passwords that SplashData took into account came from users in North America and Western Europe.


And what about the GDPR?

The entry into force of the GDPR, which brought with it the need for an adjustment of the security policies applied in data protection, including the use of ‘strong’ passwords, should, if nothing else, have brought European users out of the results of SplashData’s analysis. A wake-up call, therefore, that there is still a lot to be done in the field of security, starting with something as simple as choosing a suitable password.