Last updated April 2020
You know it’s important to use secure passwords. But with so many to remember—on average, each of us has more than 80—it’s a real challenge to make them long and strong.
That’s why so many people create one simple, easy-to-crack password, such as password, admin, or abc123, and use it over and over on all their websites and apps. Here’s a list of the Top 50 Worst Passwords of 2019 from SplashData.
Digital security expert Adam Levin, author of Swiped: How to Protect Yourself in a World Full of Scammers, Phishers, and Identity Thieves, says that’s a big mistake.
“Hackers love this because it makes their life so much easier—if they can snag the password from one of your accounts, they can use it to attack all the others,” Levin told Checkbook. “It’s like having the same key to start your car, unlock your house, open your safe deposit box and lock your desk at work. Doesn’t make a lot of sense.”
Password manager software solves this problem. They create strong and unique passwords for all your online accounts. They’re stored in a digital vault that’s accessible from all your devices.
“Then you only need to remember one secure password that unlocks the password manager,” Levin explained. “The password manger does all the heavy-lifting. It helps you create and store those passwords and then automatically fills them in when you log on.”
Password managers also encrypt everything, “which means your passwords are scrambled into a code that’s hard for hackers to crack,” said Bree Fowler, a senior tech writer at Consumer Reports.
Ratings from Consumer Reports
Consumer Reports Digital Labs tested 10 popular password managers, using a new rating system. Each product was graded on three factors:
- Usability: Does it offer automatic password generation, automatic password changes, or notification when a password is part of a data breach? The more features, the higher the score.
- Security: How resistant is the product to hacking attempts?
- Privacy: What data does the service collect for itself, what is that data used for, and who is it shared with?
CR said the clear winner is 1Password ($60 a year). It scored 88 out of 100 points.
“It was the only password manager we tested to receive an overall excellent rating in all three categories,” Fowler said.
CR also recommended:
- Keeper Password Manager ($60 a year): With an overall rating of 79, it had top scores for usability and data security.
- Bitwarden ($12 a year): It scored a 73 and was judged to be excellent for usability and good for data privacy and security. Its free version also earned good marks across the board for on overall 72.
Coming in at the bottom of the ratings: Dashlane Free, Norton 360 Deluxe, and McAfee True Key.
You May Already Have Password Managers on Your Devices
Most of the well-known internet browsers, including Safari, Chrome, Firefox, and Edge (on Windows 10) offer built-in password managers with the option to sync those passwords across multiple devices. While the “save passwords” feature on these browsers is convenient, it is not as robust as what you’d get with a dedicated password manager program.
Even so, “any tool that encourages you to use unique passwords, and hopefully complex ones, is a win,” said Chester Wisniewski, a principal research scientist at IT security company Sophos. “If you decide to use the password storage feature on Firefox, be sure to set a ‘master password’ to ensure the passwords will be stored safely.”
Take Advantage of Two-factor Authentication
Even the best passwords can be compromised through phishing attacks or data breaches. That’s why digital security experts recommend using two-factor authentication (2FA) when available.
Two-factor authentication requires a password and a second identifying factor—such as a fingerprint or a code sent to your phone, email address or app—to log into that account.
It’s not foolproof, but 2FA can stop most hackers from using a stolen password to access important accounts.
Contributing editor Herb Weisbaum (“The ConsumerMan”) is an Emmy award-winning broadcaster and one of America's top consumer experts. He is also the consumer reporter for KOMO radio in Seattle. You can also find him on Facebook, Twitter, and at ConsumerMan.com.