If Your Password is on This List, You’re in Big Trouble

online password list

It’s possible that you have the wrong idea of who hackers actually are. They are sometimes portrayed in movies as nerdy teenagers, hiding in their parents’ basements, trying to guess your passwords. That is not typically how it is done.

These days it’s more likely that dozens of hackers are working together in an office building somewhere. They try breaking into computer systems and ultimately take over your computer, demanding a ransom to give it back. Or they could try making a fast buck by selling your usernames and passwords on the Dark Web.

Either way the end results are terrible for the victims. Unfortunately, some people make it easy on the hackers by using some pretty common passwords that are simple to break.

If your password has made it onto the following list, you’ve got huge problems and you might not know it yet.

Top 50 most vulnerable passwords

Some of the most common mistakes people make when creating passwords are they’re too short, too simple, not unique and they never change.

Another huge mistake people make is using the same password on multiple sites. If your password is breached on one site, the cyber criminal can use it to break into other accounts that you’re using it on. Not good!

The site Have I Been Pwned keeps track of data breaches and stolen credentials. It recently published a list of the most vulnerable passwords found in breaches.

Here are the top 50 passwords on the list along with the number of times each was exposed: (Note: We’ve blurred out one of the passwords because it is explicit language and uses the f-bomb.)

Image: Top 50 most vulnerable passwords. (Source: Have I Been Pwned)

Take these steps if your password made the list

If you find yourself in the unfortunate position of having at least one of your passwords on the list, follow these steps to make sure that you’re secure.

Change your password

If your password was part of this list, change it immediately. This is especially true if you use the same credentials for multiple websites. If your credentials are stolen from a breach, criminals can test them on other sites to log into those accounts as well.

Set up two-factor authentication 

Two-factor authentication (2FA) means that to log into your account, you need two ways to prove you are who you say you are. This is an extra layer of security that will help keep your accounts safe.

With 2FA set up on your accounts, a thief will need more than just a stolen password to break in.

Check whether your accounts have been hacked

Have I Been Pwned is an easy-to-use site with a database of information that hackers and malicious programs have released publicly. It monitors hacker sites and collects new data every five to 10 minutes about the latest hacks and exposures.

Just enter a valid email address that you use on other sites and Have I Been Pwned will check to see if it’s been compromised in a data breach. You can also enter in domain names, like eBay, to be notified in case of a site-wide disaster.

After you sign up, Have I Been Pwned will alert you if your email address shows up in any list of hacked information. The site also displays the latest hack or account compromise on the front page, so you can take immediate action to protect your compromised accounts.


“If Your Password Is On This List, You'Re In Big Trouble.” The Kim Komando Show, 2018, https://www.komando.com/happening-now/465883/if-your-password-is-on-this-list-youre-in-big-trouble.

Related Reading: