In the early days of the internet, passwords were seen as an impenetrable force against anyone accessing your accounts.

These days, secure systems and websites insist on us creating long passwords full of weird and wonderful combinations of characters, and keeping them in secure locations to maximise security.

However, many of us do neither of these things unless forced, and it is common for people to use the same password they have had since they first went online across multiple sites and systems, to make it easy to remember.

As well as being Star Wars day (May the 4th be with you), today has also been declared World Password Day – with hundreds of tech companies worldwide championing the need for users to create secure passwords and keep them protected.

So which are the worst passwords that users continue to adopt?

The top 10 worst passwords of 2016

Keeper Security, makers of the popular Keeper password manager, has compiled a list of the most commonly used passwords involved in data breaches in 2016. The top 10 are:

  1. 123456
  2. 123456789
  3. Qwerty
  4. 12345678
  5. 111111
  6. 1234567890
  7. 1234567
  8. Password
  9. 123123
  10. 987654321

See any you recognise? Many of these passwords have been popular for years and have appeared on numerous such lists. They are all short, and most are easy to remember because they stick to common patterns on the keyboard.

Best practice for creating secure passwords

Do you need to update your passwords? We’ve come up with a list of dos and don’ts to help you along:


Do:

  • Use a different password for each login, and only update your password if you think it may have been compromised
  • Use a password phrase and make it relevant. If you’re joining a crossword site think ‘knot my pencil’ and substitute some letters for numbers or symbols to form your password, e.g.: Kn0tmyP3n$1l
  • Make each password something you can visualise: it is easier for most people to remember them that way
  • Make each password more than 10 characters and include capital letters, numbers and symbols
  • The more personal and unique the better. For a clothing retail site, for example, you could use something like ‘mY5orit3$hirt’sR3d’ – my favourite shirt is red
  • Use a secure password manager (e.g. LastPass, KeePass, RoboForm) to safely store all your passwords. This makes it much easier to use highly secure and unique passwords for every account, as you only have to remember a master password to access the password manager from your registered devices
  • Switch on Multi-Factor Authentication or similar extra layers of security where available.


Don't:

  • Use names of pets, businesses, family or friends
  • Use letter or number patterns such as 1234 or abcd, etc.
  • Use birthdays, addresses, postal or zip codes: even if you add a number or symbol
  • Create passwords of fewer than 10 characters
  • Store them locally (never write them down on a Post-it note, for example) or on the internet in an unsecured way.
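
The rules above that can be checked mechanically, as an added example (not part of the original article): a Python function that screens a candidate password against the Keeper top 10, the length and character rules, and simple keyboard or number patterns. The names `check_password` and `has_pattern`, the four-character run length and the keyboard-row strings are assumptions made for illustration.

```python
import re

# The ten passwords listed above (Keeper Security, 2016), lower-cased.
WORST_2016 = {"123456", "123456789", "qwerty", "12345678", "111111",
              "1234567890", "1234567", "password", "123123", "987654321"}

# Constructed pattern sources: digit and alphabet runs plus keyboard rows.
SEQUENCES = ["01234567890", "abcdefghijklmnopqrstuvwxyz",
             "qwertyuiop", "asdfghjkl", "zxcvbnm"]


def has_pattern(pw, run=4):
    """True if pw contains `run` repeated or sequential characters in a row."""
    low = pw.lower()
    for i in range(len(low) - run + 1):
        chunk = low[i:i + run]
        if len(set(chunk)) == 1:  # e.g. 1111
            return True
        # Forward or reversed run, e.g. 1234, abcd, qwer, 9876
        if any(chunk in s or chunk in s[::-1] for s in SEQUENCES):
            return True
    return False


def check_password(pw):
    """Return the rules from the lists above that pw breaks (empty = passes)."""
    problems = []
    if pw.lower() in WORST_2016:
        problems.append("on the 2016 worst-passwords list")
    if len(pw) <= 10:
        problems.append("not more than 10 characters")
    if not re.search(r"[A-Z]", pw):
        problems.append("no capital letter")
    if not re.search(r"[0-9]", pw):
        problems.append("no number")
    if not re.search(r"[^A-Za-z0-9]", pw):
        problems.append("no symbol")
    if has_pattern(pw):
        problems.append("contains a letter or number pattern")
    return problems


if __name__ == "__main__":
    for candidate in ["Qwerty", "Kn0tmyP3n$1l", "Summer2024abcd!"]:
        print(candidate, "->", check_password(candidate) or "passes")
```

The rules about pet names, birthdays and addresses depend on personal details the function does not have, so it does not check them.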