Photo : Shutterstock

Don’t use bad passwords. Not even for stupid stuff. Because the dumb social network you join today might add a wallet or a cloud service or a camera some day, and before you know it, the only thing stopping someone from draining your bank account and spying on your home is the word “dragon.”




“Dragon” was the 23rd most-popular password in 2019, according to SplashData, makers of the password managers SplashID, TeamsID, and Gpass. It replaces “Donald,” which was especially popular last year, and “starwars,” which was a top choice in 2017.

Here are all 25 of the most popular passwords of the year, judging by how often they showed up in data breaches. See the full 100 worst passwords on SplashData’s site.




123456 123456789 qwerty password 1234567 12345678 12345 iloveyou 111111 123123 abc123 qwerty123 1q2w3e4r admin qwertyuiop 654321 555555 lovely 7777777 welcome 888888 princess dragon password1 123qwe

Any password that’s extremely popular is bad by definition, because hackers (and their software) are more likely to guess it. It doesn’t matter how “weird” a password looks if everyone uses it. Use a password manager, and have it make giant passwords for you, which it will also remember for you. And enable two-factor authentication.