The 25 Most Popular Passwords of 2015 (Are Terrible)

By Sean Norris

If the outcry against the since-defeated IRS substantiation proposal is any indication, data security is a big deal in the nonprofit sector. The proposed rule, which would have required participating charities to collect and submit donors' social security numbers, met vigorous opposition and racked up 38,000 comments during its comment period, causing the IRS to withdraw the proposal. It was a major victory for nonprofits, and it showed that the sector takes data security seriously on the macro level.

But what about the micro level? What about your passwords?

By now, everyone knows that a strong password is a critical first line of defense against would-be data thieves—one bad password from one staffer in your organization is all it takes to open the door to hackers—yet, by and large, we're still pretty bad at the whole thing. Just take a look at this list of the 25 most popular passwords of 2015, from security-services firm SplashData, via Engadget (change in position from 2014 in parenthesis):

1. 123456 (Unchanged)

2. password (Unchanged)

3. 12345678 (Up one)

4. qwerty (Up one)

5. 12345 (Down two)

6. 123456789 (Unchanged)

7. football (Up three)

8. 1234 (Down one)

9. 1234567 (Up two)

10. baseball (Down two)

11. welcome (New)

12. 1234567890 (New)

13. abc123 (Up one)

14. 111111 (Up one)

15. 1qaz2wsx (New)

16. dragon (Down seven)

17. master (Up two)

18. monkey (Down six)

19. letmein (Down six)

20. login (New)

21. princess (New)

22. qwertyuiop (New)

23. solo (New)

24. passw0rd (New)

25. starwars (New)

That is ... terrifying. By now, it should be common sense that you need a strong, hard-to-guess password—but look at this list! The top two passwords remained unchanged from 2014, and they're maybe the worst passwords possible. Heck, they were even making jokes about this in 1987:

Maybe even more concerning is that "12345678" gained in popularity over the last year and "1234567890" made its first appearance on the list (at No. 12, no less), indicating that many folks were aware they needed to beef up their passwords, but did so quite poorly. Not counting new entries, "football" was the biggest riser in 2015, moving up three spots from 2014 to finish at No. 7. And in a blow to mythical creatures everywhere, "dragon" dropped seven spots, the biggest fall from 2014.

Other notable entries include "solo" and "starwars"—both new to the top 25 and undoubtedly influenced by the release of "Star Wars: The Force Awakens" in December 2015—continuing the bizarre, emerging trend of popular movies used as passwords. (On the 2014 list, "superman" and "batman" appeared, perhaps coinciding with the announcement of "Batman v Superman" or the release of "Man of Steel," both in 2013.) Then there's the ever-stalwart "monkey," which has appeared on the list every year since 2011, for some reason.

So, remember: Data security starts with you. Change your passwords, people!