25 Terrible Passwords & How To Stay Safe Online

We can all agree that passwords are important. They protect the data we want to keep away from prying eyes. Remembering passwords is another story. It’s not easy. Many of us fall into the habit of creating easily remembered but bad passwords that we use over and over again for many websites.

It’s easy to understand. Every website we visit requires us to log in, even if there really isn’t any sensitive information to protect. We will forgive some terrible passwords as long as there’s no financial information to protect. But you should consider the ramifications of your Facebook profile or your banking information getting into the wrong hands. 

When personal information is at stake, we should all have a perfect 25 character password memorized. Sadly this isn’t the case…  

To be sure that you have a healthy, uncrackable password, you can start by checking below at these 25 terrible passwords. If you see your password anywhere on this list, please be sure to change it immediately. Additionally, see our tips below for staying safe online. 

25 Terrible Passwords

The top ten terrible passwords shouldn’t be too surprising. There are the goto quick clicks that have become cliches in the world of data security. 

  1. 123456
  2. password
  3. 12345678
  4. qwerty
  5. 12345
  6. 123456789
  7. football
  8. 1234
  9. 1234567
  10. baseball

It’s easy to love the number 11 worst password. It is just begging for data corruption. If any of the following passwords look familiar to you – keep reading for helpful security tips to keep your data secure. 

  1. welcome
  2. 1234567890
  3. abc123
  4. 111111
  5. 1qaz2wsx
  6. dragon
  7. master
  8. monkey
  9. letmein
  10. login

And the final five terrible passwords. While not as horrific as the top ten, these five are still not safe for your personal information. 

  1. princess
  2. qwertyuiop
  3. solo
  4. passw0rd
  5. starwars

Passwords like the above are obscenely easy to crack leaving your valuable information open to hackers, spammers, and identity thieves. Midphase takes security very seriously, going as far as to insist that our clients use a two-factor authentication personal identification number (PIN) to make any changes to a hosting account.

How to stay safe online

To be sure that your information is kept safe, we recommend taking the following steps:

Change your passwords every 6 months

Six months is recommended at the very least. Many of your platforms will have you change your passwords much more often. 

Be long-winded when creating new passwords

Create passwords that are unique phrases and that are as long as the password allows. For example, ‘TheWhiteHorseSaysMoo’ is infinitely better than ‘horse1234’.

Keep track of them

Use a password manager like LastPass to keep track of all of your passwords if you feel you might forget them. Just be sure to keep track of your master password! 

Let technology do the work

Take advantage of password generators, like the ones featured in LastPass and other password managers, for sensitive information like bank account numbers or anywhere your social security number appears.

Use two-factor authentication

2FA is especially important when there is financial information involved like Amazon, eBay, or other ecommerce websites. 

Be vigilant

Keep security in mind whenever you open email, give out personal information, or shop online. Look for an SSL Certificate (a green padlock in the URL line) before making purchases or divulging information.

Install an SSL Certificate

Consider SSL Certificates as a top method to lock down your administration screens on Joomla and WordPress websites. These are a relatively inexpensive way to prevent cybercriminals from compromising your accounts.

An SSL Certificate is really just a digital certificate verifying your identity. Without an SSL Certificate, your visitors will get a warning message in their web browser. With shared SSL you use your hosting companies SSL Certificate, however with private SSL you must purchase your own SSL Certificate. It essentially allows data to be passed between our server and other computers in a secure encrypted format.

You can add an SSL Certificate to Midphase platforms quickly and easily giving your sites extra layers or protection. But what if you need more? Below you can find additional security information for your small business website to keep you and your customers safe. 

Are you safe from malware?

We hear about it almost every day: another major business is facing data corruption due to inadequate cybersecurity protection. No person or organization is immune to the dangers of cybercrime, just as no person or organization is completely secure. So what’s a small- to medium-sized business to do in the face of cybercrime?

Cybersecurity is the state of being protected from malicious entities that could access, corrupt, or harm your systems, including websites. Efforts to promote cybersecurity include secure passwords, careful monitoring of authorized users, SSL Certificates, firewalls, and malware detection and removal.

As a website owner, it’s important that you are paying attention to your cybersecurity efforts. This is especially true for ecommerce website owners who regularly handle customers’ sensitive data. Malware can easily worm its way into your systems to steal passwords, personal information, and even take your website offline.

What is malware?

Malware is a catch-all term for any piece of software designed to corrupt, damage, or disable another system. Malware includes worms, spyware, ransomware, adware, popups, browser hijacking, code injecting, and more. The list of types of malware is endless. Every day malware is sent around the web searching out its next victim. Learn more about the various types of malware below:


Keyloggers are malware that monitors every key you tap on your computer. Not very critical when writing an email to your uncle, but can be damaging when logging into your bank account.

Trojan horses

This type of malware pretends to be part of useful software downloaded for a purpose. However, hiding inside is malicious code waiting to damage your system.


Like keyloggers, spyware tracks your movements but it also tracks the websites visited, software used, and people contacted.


Adware sets up shop inside a website or application to present users with ads during use. If you’ve ever “won a free iPad” then you have experience with adware.


Worms are designed to spread through networks to infect as many systems as possible. Like viruses, they can distribute infected files or software build to corrupt your system.


This type of malware has made headlines recently. Ransomware steals your information or locks you out of a system, and then charges you a ransom to restore your systems. In most cases, even if the money is paid users are rarely restored.

How can I protect my website?

The best way to protect your website from malware is to employ safe internet habits and to add malware detection and removal services to your web hosting account. Midphase has partnered with SiteLock to offer cybersecurity to our clients.

SiteLock will scan your computer for any nasties that may be lurking and will quickly remove anything found. Once complete, you will receive a full report of SiteLock’s activity as well as notification should your website become compromised. SiteLock scanning begins instantly. Sitelock is always on and will automatically prevent attacks.

Learn more about SiteLock protection at Midphase.com.

How to add SiteLock to your CHI account:

To add SiteLock to your hosting account, log into your CHI account with your username and password. You can also visit our SiteLock web page. Choose from three SiteLock packages: Basic, Premium, or Enterprise. Add your choice to your shopping cart. Next, enter the necessary information about your account and finish the checkout process. Once complete, you can start to enjoy the benefits of SiteLock protection in minutes. In just a few clicks, you can stop malware in its tracks.