Dangerous passwords | What makes a secure password?

A strong password makes every user account significantly more secure. If you use an insecure password, you make your account vulnerable to attacks and potentially cause harm to the company's website.

What passwords and usernames should you avoid?

We've compiled the most popular passwords and usernames. Never use these under any circumstances, as they make your users and information very easily accessible.

The most popular passwords

The most popular passwords include both international and Estonian user passwords. They are listed in random order. Similar passwords are written next to each other. Also avoid using passwords that are similar to popular ones - for example, Qwerty321 is not on this list, but it is obviously still a very insecure password.

Dangerous passwords:

1234 / 12345 / 123456 / 1234567 / 12345678 / 123456789 / 1234567890
111111
123123
test1 / test
password / parool
asdf
qwerty / qwerty1
Aa123456.
iloveyou
abc123
teretere
lammas
killer
martin
minaise
maasikas
kallis
armastus
samsung
lilleke
kiisuke
kallike
lollakas

Not the most popular, but very frequently used passwords that you should definitely not use on a WordPress site are:

administraator / Administraator
admin / Admin
root / Root

Avoid these usernames on WordPress websites

When setting up WordPress and adding users later on, there are certain usernames that are definitely not a good idea to use. These are:

adm
admin
admin1
hostname
manager
qwerty
root
support
sysadmin
test
user

How should you handle passwords?

1. Use strong passwords

Strong passwords ensure user account security. First and foremost, avoid the most popular passwords.

A strong password:

✅ Is a combination of letters and symbols - don't use a single common word (e.g., strawberry)
✅ Does not contain easily accessible information about you, such as birth year, date, etc. (e.g., strawberry1989 or strawberry89)
✅ Is long enough - at least 12 characters
✅ Does not contain widely used letter-to-number substitutions (e.g., str4wb3rry)

You can test your passwords here, for example: https://howsecureismypassword.net/. Using this tool, we can see that, for example, the password "strawberry" can be guessed in 5 seconds!

2. Don't reuse passwords

One very common practice is using the same password and username combination in multiple places. This means that if someone successfully hacks into one place, all other accounts using the same or similar password are as good as hacked too.

If remembering different passwords seems too difficult, you can do the following:

🟢 Use very secure passwords for your most important accounts. For less important accounts where no personal information is stored, you can use slightly simpler passwords. Nevertheless, use unique passwords everywhere.
🟢 Use password management software (e.g., Dashlane, etc.)

3. Change passwords regularly

Regularly changing passwords is a good way to ensure security. If this article has hit close to home, you should do it right away!

You should also change passwords immediately if your emails and passwords have been leaked. You can check this here: https://haveibeenpwned.com/ where you can verify whether information associated with your email has been compromised in any breach.