32 Million Passwords - Most Bad

Posted by JD 01/21/2010 at 09:30

Passwords are boring. Knowing how to choose a good password has been covered here and elsewhere many, many times. Yet, most people still don’t choose good passwords.

Today, we’ll take a different view of passwords: what bad passwords actually look like, judging by the real passwords chosen by real people on a web site with 32 million users. The source article.

Top 20 Passwords Used, Ranked

Rank  Password     Count
   1  123456      290731
   2  12345        79078
   3  123456789    76790
   4  Password     61958
   5  iloveyou     51622
   6  princess     35231
   7  rockyou      22588
   8  1234567      21726
   9  12345678     20553
  10  abc123       17542
  11  Nicole       17168
  12  Daniel       16409
  13  babygirl     16094
  14  monkey       15294
  15  Jessica      15162
  16  Lovely       14950
  17  michael      14898
  18  Ashley       14329
  19  654321       13984
  20  Qwerty       13856

What can we learn from these and the next 200 most popular passwords?

A don’t list.

  1. Don’t use a name
  2. Don’t use a dictionary word
  3. Don’t use any sequence of numbers or letters
  4. Don’t use keyboard patterns
  5. Don’t use the year or month (numeric or text)
  6. Don’t use the same password for multiple logins
  7. Don’t use the same password at work and home
  8. Don’t let your web browser remember passwords, ever
  9. Don’t share any of your passwords with anyone. Yes, Mom, this means you shouldn’t tell me your passwords either

Here’s the do list.

  1. Do mix upper, lower, numbers and special characters, at least 1 of each
  2. Do use at least 8 characters
  3. Do use a different password for every account / website
  4. Do change your few commonly used passwords on a Tuesday (so you have a few days to memorize them before a weekend)

That’s a fairly short list. Simple, yet deceptively hard to live by.

Picking Good Passwords is a way of life going forward

The easiest way that I know to accomplish all these goals is to use the free KeePass password manager. Preferably use the portable version that doesn’t need to be installed. There is a UNIX and OSX version called KeePassX available too. All are free and FLOSS – Open Source. Just google to find these programs if my links don’t work.

In KeePass, let the program

  • create good passwords
  • remember your userid (don’t use the same userid everywhere)
  • remember your password (when they are all complex and different, no human will remember them)
  • fill in the password on web site for you
  • safely encrypt the password database

Of course, now you need to set a really, really good password to open the KeePass database, but that’s just 1 password to recall, not 20 or more.
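What “let the program create good passwords” amounts to, as an added example written for this page (it is not KeePass’s own generator code): draw every character from one mixed alphabet using the operating system’s cryptographic random source, and redraw until all four classes from the do list are present. The SPECIALS string is one assumed choice of punctuation; some sites reject parts of it, so trim it to taste. The entropy figures assume each accepted password is a uniform draw from the alphabet, which the redraw loop makes true up to a negligible correction at these lengths.

```python
"""Random password generation along the lines the post asks of KeePass.
Added example, not KeePass code.  SPECIALS is an assumed punctuation set.
"""
import math
import secrets
import string

SPECIALS = "!@#$%^&*()-_=+[]{};:,.?/"          # assumed; trim for picky sites
CLASSES = (string.ascii_uppercase, string.ascii_lowercase, string.digits, SPECIALS)
ALPHABET = "".join(CLASSES)                    # 26 + 26 + 10 + 24 = 86 symbols


def has_all_classes(pw):
    """True if pw contains at least one character from every class."""
    return all(any(c in cls for c in pw) for cls in CLASSES)


def generate_password(length=16):
    """Uniform random password of `length` characters with every class present.

    `secrets` reads the OS CSPRNG; `random` is seeded predictably and must not
    be used for passwords.  Redrawing until all classes appear (rejection
    sampling) keeps every acceptable password equally likely; the shortcut of
    picking one character per class and shuffling makes some passwords more
    likely than others and so lowers the real entropy slightly."""
    if length < len(CLASSES):
        raise ValueError(f"need at least {len(CLASSES)} characters")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if has_all_classes(pw):
            return pw


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniform draw of `length` symbols from the alphabet."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(length, guesses_per_second):
    """Worst-case time to try every password of this length at a given rate.
    Whoever stole the hash database guesses offline at whatever speed their
    hardware allows, so choose the length for that attacker, not for a login
    form that throttles attempts."""
    return 2 ** entropy_bits(length) / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    for n in (8, 12, 16):
        print(f"{n} chars: {generate_password(n)}  ~{entropy_bits(n):.0f} bits, "
              f"{years_to_exhaust(n, 1e10):.3g} years at 1e10 guesses/s")
```

Eight characters from this alphabet is about 51 bits, which an offline attacker at ten billion guesses per second exhausts in days; sixteen characters is about 103 bits. Since the manager remembers the result, there is no cost to making every stored password long.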

With all your passwords stored in a single place, it is critical to back up the program and the password database somewhere else: a different hard drive, a friend’s home, anywhere that isn’t the machine you use every day. If you use the portable version of the program this is really easy; just copy the program files and the database to a different drive. Dropbox is a popular free service that is IDEAL for this type of backup, but handing a friend or family member a copy of your KeePass backup may be much easier for most people. Since the database is encrypted with state of the art encryption and you aren’t going to tell them the master password, it is fine for almost anyone to have your files. The caveat is that once a copy is out of your hands, the master password (and key file, if you use one) is the only thing protecting it: whoever holds the file can try passwords against it offline for as long as they like, so that one password has to be long and not guessable.

More detailed analysis of the passwords

By using just the 5,000 most common passwords, 20% of the 32 million accounts (roughly 6.4 million) could have been accessed. Scary. The fact that most of these passwords were even allowed says much about poor security administration practices. Tools exist to reject bad passwords at the moment a user chooses them; many include the option of a personal, localized dictionary so a site can block its own company terms, product names and the like as well.
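The kind of check such a tool performs, turned into code as an added example for both the don’t/do lists above and the “tools exist to prevent bad passwords” point; it is not code from the original post or from any particular product. The top-20 passwords and counts are the figures printed above and serve as the blocklist (a real deployment would load a list of thousands, like the 5,000 the post mentions); TOTAL_ACCOUNTS is the post’s round 32 million; LOCAL_DICTIONARY and KEYBOARD_ROWS are small constructed stand-ins for the localized dictionary and keyboard layout a real checker would read from files.

```python
"""Password-policy checks built from the post's "don't" and "do" lists, plus
the coverage arithmetic behind "the most common passwords open N% of accounts".
Added example, not code from the original post.
"""
import re

# (password, account count) exactly as listed in the post.
TOP20 = [
    ("123456", 290731), ("12345", 79078), ("123456789", 76790),
    ("Password", 61958), ("iloveyou", 51622), ("princess", 35231),
    ("rockyou", 22588), ("1234567", 21726), ("12345678", 20553),
    ("abc123", 17542), ("Nicole", 17168), ("Daniel", 16409),
    ("babygirl", 16094), ("monkey", 15294), ("Jessica", 15162),
    ("Lovely", 14950), ("michael", 14898), ("Ashley", 14329),
    ("654321", 13984), ("Qwerty", 13856),
]
TOTAL_ACCOUNTS = 32_000_000                      # the post's round figure
BLOCKLIST = {p.lower() for p, _ in TOP20}

# Constructed stand-ins: names, words and one company term a site would block.
LOCAL_DICTIONARY = {"nicole", "daniel", "jessica", "ashley", "michael",
                    "princess", "monkey", "lovely", "babygirl", "iloveyou",
                    "password", "rockyou", "acme"}
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]
MONTHS = ["january", "february", "march", "april", "may", "june", "july",
          "august", "september", "october", "november", "december"]


def missing_classes(pw):
    """Names of the classes (upper, lower, digit, special) absent from pw.
    Anything that is not a letter or digit counts as special."""
    tests = {"upper": str.isupper, "lower": str.islower,
             "digit": str.isdigit, "special": lambda c: not c.isalnum()}
    return [name for name, test in tests.items() if not any(test(c) for c in pw)]


def has_run(pw, minlen=3):
    """True if minlen+ adjacent characters step by +1 or -1 in code-point
    order: catches 123456, 654321, abc123, xyz."""
    s = pw.lower()
    for step in (1, -1):
        run = 1
        for a, b in zip(s, s[1:]):
            run = run + 1 if ord(b) - ord(a) == step else 1
            if run >= minlen:
                return True
    return False


def has_keyboard_pattern(pw, minlen=4):
    """True if pw contains minlen+ neighbouring keys from one keyboard row,
    in either direction (qwer, rewq, asdf, 7890 ...)."""
    s = pw.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            if any(seq[i:i + minlen] in s for i in range(len(seq) - minlen + 1)):
                return True
    return False


def has_date(pw):
    """True for a four-digit year (19xx/20xx), a month name, or a password
    that is just a month abbreviation plus trailing digits/punctuation.
    Numeric months alone (e.g. 07) are too ambiguous to flag here."""
    s = pw.lower()
    bare = re.sub(r"[\d\W_]+$", "", s)
    if re.search(r"(19|20)\d{2}", s):
        return True
    return any(m in s or bare == m[:3] for m in MONTHS)


def dictionary_hit(pw, dictionary):
    """Names and words, also with trailing digits/punctuation ('nicole2010!')."""
    s = pw.lower()
    bare = re.sub(r"[\d\W_]+$", "", s)
    return s in dictionary or bare in dictionary


def check_password(pw, dictionary=LOCAL_DICTIONARY, blocklist=BLOCKLIST):
    """Return the list of rules pw breaks; an empty list means acceptable."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    missing = missing_classes(pw)
    if missing:
        problems.append("missing " + ", ".join(missing))
    if pw.lower() in blocklist:
        problems.append("on the common-password blocklist")
    if dictionary_hit(pw, dictionary):
        problems.append("a name or dictionary word")
    if has_run(pw):
        problems.append("contains a letter or number sequence")
    if has_keyboard_pattern(pw):
        problems.append("contains a keyboard pattern")
    if has_date(pw):
        problems.append("contains a year or month")
    return problems


def accounts_using_top(n, top=TOP20):
    """Accounts an attacker opens by trying only the n most common passwords."""
    return sum(count for _, count in top[:n])


def coverage_fraction(n, top=TOP20, total=TOTAL_ACCOUNTS):
    return accounts_using_top(n, top) / total


if __name__ == "__main__":
    for pw in ("123456", "Qwerty", "Nicole2010!", "Tr0ub4dor&3"):
        print(f"{pw!r}: {check_password(pw) or 'OK'}")
    print(f"the top 20 alone cover {coverage_fraction(20):.1%} of accounts")
```

Run against the post’s own numbers, the top 20 passwords account for 829,963 of the 32 million accounts, about 2.6%: an attacker who is allowed twenty online guesses per account, with no cracking at all, walks off with hundreds of thousands of logins. Note that “Nicole2010!” satisfies the character-class and length rules and is still rejected twice (a name, a year), which is exactly why the don’t list matters as much as the do list.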

If you still don’t want to use KeePass or some similar program (LastPass is another), please visit Security Now and read or listen to the personal password policy episodes 4 and 5 for techniques to create secure passwords.
