The most common mistakes people make when choosing passwords

News | 31.05.2018

According to a new study by a researcher at Virginia Tech and Dashlane, a popular password manager service, most users make the same mistakes when making passwords, such as making their password the name of a popular brand or sports team.

And while these things make passwords easy to remember, they aren't all that secure, and make passwords easily guessable by hackers.

The study evaluated 6.1 million anonymized passwords gathered by Gang Wang, a computer science researcher at Virginia Tech, and analyzed by Dashlane. Those passwords come from the massive troves of user personal data that have been leaked in data breaches over the years.

Here are the most common patterns and mistakes people make, and what you should avoid:

Recycling the same password (or modifying it slightly) for every website

According to Wang's initial study, more than half of users reused the same password from site to site or modified it slightly.

"It is difficult for humans to memorize unique passwords for the 150+ accounts the average person has," Wang said in a statement. "Inevitably, people reuse or slightly modify them, which is a dangerous practice. This danger has been amplified by the massive data breaches which have given attackers more effective tools for guessing and hacking passwords."

Password walking

Password walking refers to the practice of using combinations of letters, numbers, and symbols that are adjacent to one another on the keyboard, like "qwerty" and "123456."

Here are some other common password walking Dashlane researchers found:

  • 1q2w3e4r
  • 1qaz2wsx
  • 1qazxsw2
  • zaq12wsx
  • !qaz2wsx
  • 1qaz@wsx

Strong expressions of love or hate

Another common practice Dashlane researchers found: strong expressions of love or hate, with hateful passwords most often expressed with choice words.

Here are the most common love/hate passwords Dashlane found:

  • iloveyou
  • f*ckyou
  • a**hole
  • f*ckoff
  • iloveme
  • trustno1
  • beautiful
  • ihateyou
  • bullsh*t
  • lovelove


Researchers found that common brands also appeared in many passwords. Here are the most common brands used in passwords.

  • myspace
  • mustang
  • linkedin
  • ferrari
  • playboy
  • mercedes
  • cocacola
  • snickers
  • corvette
  • skittles

Pop culture references

Popular movies, music, and tv shows also made their way into passwords used in the study. Here are the most common ones.

  • superman
  • pokemon
  • slipknot
  • starwars
  • metallica
  • nirvana
  • blink182
  • spiderman
  • greenday
  • rockstar

Champions League

Dashlane found a ton of sports-related passwords, but the Champions League (that's soccer, for Americans) topped them all. Here are the most common Champions League passwords:

  • liverpool
  • chelsea
  • arsenal
  • barcelona
  • manchester

Now that you know what to avoid, here are some ways to write good, hacker-proof passwords.

  • Use a unique password for every online account
  • Generate passwords that exceed the minimum of 8 characters
  • Create passwords with a mix of case-sensitive letters, numbers, and special symbols
  • Avoid using passwords that contain common phrases, slang, places, or names
  • Use a password manager to help generate, store, and manage your passwords
  • Never use an unsecured Wi-Fi connection
  • Use Securonix solutions to keep your access related risk in check