When creating a password, we’re often prompted to include a number, a capital letter, and a unique character like an exclamation point. Passwords also have character limits, usually between 6 and 30 characters, or other rules regarding spacing or repeated letters. All of these rules are designed to make our passwords difficult to crack–and yet, several passwords tend to be used over and over again. These commonly used passwords are easy to figure out, and if a hacker guesses your password correctly, they can put your account and data in jeopardy. 

In order to avoid using easily guessable passwords, it’s good to know which passwords and password creation strategies are especially common. That way, you can avoid using these passwords yourself, or at least strengthen the passwords you already use.  

“Password” Passwords

One of the top offenders for overly simplistic passwords is the word “password.” Sometimes, the word will include numbers at the end, or even one of the aforementioned special characters. However, there are only so many variations of the word “password” followed by numbers, and “password” is an easy starting point for someone who’s trying to hack into your account.

Sometimes, passwords like to reference the fact that they’re passwords. For this reason, a person might choose the password “admin,” “login,” or even “letmein.” However, all of these words have shown up on common password lists multiple times, and “letmein” could easily let in someone you don’t want accessing your account.

Straight Number or Letter Passwords

Although most sites now require specific guidelines for password creation, some still allow you to put in any combination of letters or numbers you want. This policy leads to some less-than-secure passwords, like a straight line of numbers (123456) or letters (qwerty). In fact, 123456 was the most frequently hacked password from 2013-2018, with 123456789 coming in third in 2018’s rundown and qwerty placing in the top ten. A straightforward combination of letters and numbers, like 123abc, is also less than ideal, as the combination lacks complexity and could quickly be guessed. Similarly, the password !@#$%^&* may look strong, but if you take a look at the numbers on your keyboard… you’ll realize why it’s not a great choice. 

Passwords Involving Personal Information

Plenty of people want a fun, easily memorable password. The problem is, a password pertaining to your job, pets, or hobbies could easily be predicted by someone close to you. And if you’re very open about your interests, even a stranger could feasibly guess–one look at your Facebook page or Twitter might give away your password. 

Famous Characters or Series

Similar to personal information, using the names of famous characters or series seems like a unique, easy to remember strategy, but it can easily backfire. Some commonly used passwords have included batman, starwars, and superman. Since these series are so well known, it makes sense that so many people are using them–however, their popularity is the exact reason why passwords like these should be avoided. 


In recent years, it’s become a trend to use names as passwords. These names don’t necessarily relate to the person creating them, but they’re still easy to guess, since they tend to be popular or topical names. For instance, donald and charlie made the Top 25 list for popular passwords in 2018, and michael and ashley have also made frequent appearances. Unless the name is especially unique and scrambled with numbers, it’s best to avoid using names altogether. 

Other Random but Frequently Used Passwords

Many popular passwords aren’t as easy to predict as “123456,” but they’re still fairly common and easy to guess, which means they’re probably not the best to use. Some of these recent passwords have included sunshine, princess, monkey, flower, and baseball. The common theme here is harder to determine, but in each case, the password is a single word, and it lacks any additional numbers or special characters. 

What can I do to Make my Password Stronger?

About 10% of people have used one or more of the passwords on this list. That’s a huge number, and it makes a hacker’s job easy when the same passwords are being used repeatedly. For this reason, having a unique, hard-to-guess password is not only a smart idea, but a necessity. 

There are a variety of ways to create a strong password. For instance, adding random but easily memorable numbers between letters can make that password harder to predict. Even switching out an o for a 0 makes a password stronger, though it’s not always strong enough, as is the case with the commonly used “passw0rd.” 

Many experts recommend combining three unrelated words together, especially with added numbers and special characters. For instance, Crocodiletennispokemon is much stronger than monkey, baseball, or batman, and cr0c0dile!tennis!p0kem0n is even stronger! Of course, there’s a point where the password might become too convoluted for you to remember–this doesn’t mean the password’s bad, just that you’ll need help keeping track of it. In these cases, a password manager is ideal, as it can keep tabs on your various passwords and remind you which passwords connect to which sites and programs.

A strong password is the first step to ensuring your accounts are protected. A weak password is basically a “welcome” to someone who wants to steal your information (and yes, “welcome” is a commonly used password, too). In order to keep your accounts and information secure, always use multiple, unique, but unconnected words along with numbers and special characters. And as your passwords grow more complex, consider investing in a password manager to help you keep all of your strong, secure passwords organized.