Derick St-Hilaire

Hello there! My name is Derick St-Hilaire, and I’m the Salesforce Administrator here at Devolutions. I’m one of the more experienced employees here at Devolutions, and it has been amazing to see the company and community grow over the years. My primary responsibilities include managing our Salesforce platform, and working closely with our strategic partners and customers. I also oversee the management of Devolutions Force, which is our VIP Advocate Community. Academically, I have a bachelor’s degree in marketing. When I’m not working, I enjoy camping, walking my dog, playing video games, and I’m a huge movie fan — including the Star Wars franchise of course. If you would like to join Devolutions Force, or if you wish to get in touch, then you are welcome to contact me directly at


The Scary List of the Worst Passwords

We have some good news, and some bad news. Let's start with the good news.

The good news is that Star Wars Episode 9 will be released later on this year, and it looks like Emperor Palpatine will be back. No, this has nothing to do with passwords, but we wanted to start with something positive — because the bad news is really, really bad. Ready for it?

Here we go: according to research by SplashData, these were the 25 worst passwords of 2018 (i.e. the most easily guessed, cracked and predicted).

  • #25 qwerty123
  • #24 password1
  • #23 donald
  • #22 aa123456
  • #21 charlie
  • #20 !@#$%^&*
  • #19 654321
  • #18 monkey
  • #17 123123
  • #16 football
  • #15 abc123
  • #14 666666
  • #13 welcome
  • #12 admin
  • #11 princess
  • #10 iloveyou
  • #9 qwerty
  • #8 sunshine
  • #7 1234567
  • #6 111111
  • #5 12345
  • #4 12345678
  • #3 123456789
  • #2 password
  • #1 123456

If you want to see the complete, traumatizing list of 100 worst passwords, you’ll find it here.

Advice for End Users:

If you’re an end user who admits to having any of these terrible passwords “protecting” your accounts, then you know what to do. Before you become the next hacking victim, choose long (minimum 12 characters) strong, and complex passwords for each of your accounts. Use a mix of upper and lowercase, as well as alphanumeric characters to thwart guesses and brute-force attacks.

Advice for Sysadmins:

We’re sorry if this list has given you an ulcer. Yes, end users can and always will be the weakest area of the corporate threat surface. But don’t despair, here are some helpful articles — some for you, and some that you can share with your end users to make them part of the security solution instead of the problem:

Related Posts

Read more Security posts