We have some good news, and some bad news. Let's start with the good news.

The good news is that Star Wars Episode 9 will be released later on this year, and it looks like Emperor Palpatine will be back. No, this has nothing to do with passwords, but we wanted to start with something positive — because the bad news is really, really bad. Ready for it?

Here we go: according to research by SplashData, these were the 25 worst passwords of 2018 (i.e. the most easily guessed, cracked and predicted).

  • #25  qwerty123
  • #24  password1
  • #23  donald
  • #22  aa123456
  • #21  charlie
  • #20  !@#$%^&*
  • #19  654321
  • #18  monkey
  • #17  123123
  • #16  football
  • #15  abc123
  • #14  666666
  • #13  welcome
  • #12  admin
  • #11  princess
  • #10  iloveyou
  • #9  qwerty
  • #8  sunshine
  • #7  1234567
  • #6  111111
  • #5  12345
  • #4  12345678
  • #3  123456789
  • #2  password
  • #1  123456
If you want to see the complete, traumatizing list of 100 worst passwords, you’ll find it here.

Advice for End Users:

If you’re an end user who admits to having any of these terrible passwords “protecting” your accounts, then you know what to do. Before you become the next hacking victim, choose long (minimum 12 characters) strong, and complex passwords for each of your accounts. Use a mix of upper and lowercase, as well as alphanumeric characters to thwart guesses and brute-force attacks.

Advice for Sysadmins:

We’re sorry if this list has given you an ulcer. Yes, end users can and always will be the weakest area of the corporate threat surface. But don’t despair, here are some helpful articles — some for you, and some that you can share with your end users to make them part of the security solution instead of the problem: