World’s worst passwords list revealed – check your password strength today

How to check your password strength: As a list of 2016’s worst passwords is revealed, our guide helps you stay safe online and protect yourself against hacking.

Scarcely a day goes by without some kind of online security brouhaha hitting the headlines. Our digital selves are more vulnerable than ever in 2017, yet we’re often our own worst enemy, not least when it comes to the passwords we use.

A new study by password manager Keeper shows that many of us are still using rudimentary phrases to safeguard our accounts, with nearly 17% of people still relying on the infamous ‘123456’ – equivalent to using Swiss cheese as a condom.

A handful of seemingly more complex letter/number combos appear on the list, but Keeper notes that these too are vulnerable, as they’re based on predictable keystroke patterns.

Before we get on to how you can check your password’s strength, let’s take a look at the 2016 Hall of Shame.

Related: Best password manager

Most common passwords 2016

According to Keeper’s report, which is based on the more than 10 million codewords revealed by data breaches in 2016, the world’s most common/popular/dumbest passwords are:

  1. 123456
  2. 123456789
  3. qwerty
  4. 12345678
  5. 111111
  6. 1234567890
  7. 1234567
  8. password
  9. 123123
  10. 987654321
  11. qwertyuiop
  12. mynoob
  13. 123321
  14. 666666
  15. 18atcskd2w
  16. 7777777
  17. 1q2w3e4r
  18. 654321
  19. 555555
  20. 3rjs1la7qe
  21. google
  22. 1q2w3e4r5t
  23. 123qwe
  24. zxcvbnm
  25. 1q2w3e

Are you on the list? Then you’ll want to change your password to something more robust right now, which brings us to…

Related: MWC 2017

How to check your password strength

Devising a secure password isn’t as easy as it sounds, but fortunately, there are a number of decent password strength checking tools available for free online.

Two that standout in particular are Kaspersky Lab’s Secure Password Checker, and How Secure Is My Password? (HSIMP), which is backed by popular password manager Dashlane.

While neither checker is bulletproof – both sites state that they are purely for educational purposes – they do give you a rough idea of how tough your password is to hack.

Of the two, Secure Password Checker is definitely the more paranoid. I entered the same phrase into both tools, with Kaspersky’s informing me that a bruteforce attack on my computer would crack my password in just 15 seconds – HSIMP had the figure at four days.

The discrepancy underlines that password strength checkers aren’t 100% reliable, but they are a starting point if you’re looking to get serious about your online security.

Related: How to secure your home network from hackers

password hack

How to check if your password has been hacked

If you’re reading this and your bum is squeakier than when your team cocedes an injury time free kick on the edge of the box, it might be time to check if you’ve already been the victim of a data breach.

Here, Have I been pwned? (HIBP) is your friend – just enter your email into the search box and it will tell you if any accounts linked to the address have been subject to a breach.

Other options to check if you’ve been hacked include Breach Alarm and Has my email been hacked?, although they’re not quite as comprehensive or up-to-date, based on my investigations; inputting an email I knew had been compromised, all three sites flagged the 2013 Adobe hack, but only HIBP highlighted a smaller 2016 breach of another website.

For more tips on how to improve your online security, check out Get Safe Online, a UK site that’s sort of like the Citizen’s Advice Bureau for digital denizens.

Related: Best free antivirus software

WATCH: Death by Driverless – who’s to blame when robot cars kill?


What’s your take on password security? Share all your thoughts, tips, tricks, and favourite tools in the comments below.

Latest from Trusted Reviews