25 Worst Passwords of 2022

Avoid These “Most Common Passwords” at all Costs

As IT professionals, our team at BSC Solutions Group has seen it all when it comes to bad or dangerous passwords. We know, however, that you have the best of intentions when creating your passwords, passcodes and usernames, which is why we like to provide this up-to-date list of the weakest or worst passwords in 2022. 

We’ve also included some basic information on different types of data breaches and how you and your team can create iron-clad passwords. 

We’ve included our previous list of the worst 25 passwords in 2019 to show how similar these dangerous, terrible, awful, risky passwords are. You get the picture, they’re bad.

From Splashdata, here are the twenty-five worst passwords of 2022:

As an example, the password “Password” has jumped to the #2 spot and 123456 is still #1. If you’re using any of these 25 passwords, you are going to want to change them immediately. 

Rank  2019        2022
1     123456      123456
2     123456789   Password
3     Qwerty      12345678
4     Password    Qwerty
5     1234567     12345
6     12345678    123456789
7     12345       Letmein
8     Iloveyou    1234567
9     111111      Football
10    123123      Admin
11    Abc123      Iloveyou
12    Qwerty123   Welcome
13    1q2w3e4r    Monkey
14    admin       Login
15    qwertyuiop  Abc123
16    654321      Starwars
17    5555555     123123
18    Lovely      Dragon
19    777777      Passw0rd
20    Welcome     Master
21    888888      Hello
22    Princess    freedom
23    Dragon      Whatever
24    Password1   qazwsx
25    123qwe      Trustno1

Other common passwords that are too risky to use include:

  • Partner or spouse’s names
  • DOB
  • Digits from a phone number
  • ATM password
  • Nicknames
  • Pet’s name

As you can see from the list, common phrases and even some pop culture references are among the passwords hackers commonly try. Starwars is back on the list for 2022, having dropped off back in 2017, but classic characters like princess and dragon are perennial.

How Do Data Breaches Happen?

A data breach happens when a hacker or cybercriminal accesses, infiltrates and steals confidential data. This can mean stealing data from a personal, public or business PC either at the computer itself or via remote access to the network.

Cyberattacks can take many forms, from malware to phishing to password sniffing to employee leaks to stolen computer hardware, and many more. The most typical techniques that attackers use to perpetrate data breaches are discussed below.

Ransomware

Ransomware is software that freezes access to or gains control of your data. With control of your data and system, the hackers will demand a ransom to relinquish control.

Common Target: Much of the private sector and government enterprise.

Malware

Malware, also known as “malicious software,” describes any program or code that is designed to behave in harmful ways toward the computer it runs on or the other systems it probes.

Malware has been designed to infect computers and is often known to appear as a warning against potentially harmful software. This false warning can cause users to panic and download this software, without realizing that it’s really malware. Malware can encrypt and hijack a computer and its functions in no time.

When you visit untrustworthy websites, download infected files or click on malicious email links or attachments, the security of your computer can be damaged.

Common Target: Businesses of all sizes and individuals

Phishing

A common method hackers use to gain access to sensitive information is to employ phishing scams.

Phishing involves sending fraudulent emails. These email campaigns may include messages that falsely claim to be from a trustworthy source, in order to entrap unsuspecting individuals into doing something such as clicking on an unsafe link, downloading an infected attachment or transferring funds.

Common Target: Businesses of all sizes and individuals

Denial of Service (DoS)

Denial of Service is a type of cyber attack in which the attacker prevents access to a computer or network resource. DoS can be executed by overloading the current systems, which can prevent some or all requests (however legitimate) from being fulfilled.

Common Target: Services that are hosted on high-profile web servers 

If you need a hand creating a strong, hacker-proof password, we’ve included tips below:

  • Avoid using personal information like your name, username, anniversary, or birthday. Any publicly available information is too risky to use as a password or in a password.
  • Create a long password. Keep your password to a minimum of six characters.
  • Don’t use the same password between accounts. If someone figures out your “master” password for one account, all of your other accounts can be at risk.
  • Include a variety of characters. As Google often suggests, include a variety of characters like upper and lowercase letters as well as accepted symbols and numbers. 
  • Avoid using singular words. Something like Apple1 can be too easy for hackers to guess. Also, 1 is so commonly used in passwords, that you’re better off choosing another digit, or a set of digits. A better password in lieu of Apple1 might be @PpLe6! 
  • Use a phrase. Phrases are another way to go with your passwords, particularly nonsensical ones. They can also be easier to remember if you aren’t using a password manager. An example might be “Mybluedoghas5legs!” Note that this example also includes upper and lower case letters, a number and a symbol.

For other examples, check out this video by Safety in Canada on how to create a strong password.
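
The tips above that can be checked from the password itself, as an added example (not code from BSC Solutions Group): a Python screen to run when a password is set, which also rejects every entry in the 2019 and 2022 table on this page. The names `check_password` and `personal_info`, and the choice to require all four character types, are assumptions of this example.

```python
import re

# Every password from the 2019 and 2022 columns of the table on this page.
WORST = set("""
123456 123456789 qwerty password 1234567 12345678 12345 iloveyou 111111
123123 abc123 qwerty123 1q2w3e4r admin qwertyuiop 654321 5555555 lovely
777777 welcome 888888 princess dragon password1 123qwe letmein football
monkey login starwars passw0rd master hello freedom whatever qazwsx trustno1
""".split())

# Assumption: "a variety of characters" means all four of these types.
CLASSES = {"lowercase": r"[a-z]", "uppercase": r"[A-Z]",
           "digit": r"[0-9]", "symbol": r"[^A-Za-z0-9]"}


def check_password(password, personal_info=()):
    """Return the tips the password violates; an empty list means it passes."""
    problems = []
    lowered = password.lower()
    if lowered in WORST:  # case-insensitive, so "PASSWORD" is caught too
        problems.append("on the worst-passwords list")
    if len(password) < 6:  # minimum length given in the tips
        problems.append("shorter than six characters")
    # personal_info: names, usernames, birthday digits etc. supplied by the caller
    if any(len(p) >= 3 and p.lower() in lowered for p in personal_info):
        problems.append("contains personal information")
    missing = [n for n, pat in CLASSES.items() if not re.search(pat, password)]
    if missing:
        problems.append("missing character types: " + ", ".join(missing))
    # A lone word with digits tacked on the end, like Apple1
    if re.fullmatch(r"[A-Za-z]+\d*", password):
        problems.append("single word with optional trailing digits")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs, including the examples used in the tips.
    for pw in ["123456", "Passw0rd", "Apple1", "@PpLe6!", "Mybluedoghas5legs!"]:
        print(pw, "->", check_password(pw) or "ok")
```

Reuse of one password across accounts cannot be seen from a single password string, so that tip is outside what this check covers.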

BSC Solutions Group is Here to Help Protect Your Computers and Network from Cyber Crime

We know that you want and need to protect your organization and all aspects of it, including your employees and valued clients. This is why we offer a wide variety of solutions to keep you as secure and protected against cyber attacks as possible. One example is a centrally controlled password manager program which has the following features (and more) to easily enhance your security:

  • Manage passwords with your own private, encrypted storage vault.
  • Remember only one master username and password to access your entire vault.
  • Populate usernames and passwords on websites or applications with just a click.
  • Access your vault in the cloud from any device – desktop, laptop, tablet, smartphone.
  • Easily generate random, high-strength passwords for all your websites and applications.
  • Get alerts when your passwords become outdated or weak.
  • Receive alerts on any passwords found on the Dark Web.
  • Allow users in a user group to access passwords through custom permissions.

When you need help with cyber security, backup and disaster recovery or anything else to do with your organization’s day-to-day networking needs, you can rely on our experts at BSC Solutions Group. With over 30 years of firsthand experience serving Brampton, ON and the greater Toronto area, we are your IT guardian angels. Book your free consult today to learn more about the difference we can make in securing your business.