SplashData has published its annual list of the worst passwords of the year and with a quick glance one thing is clear: we never learn. Oh, and there are a lot Star Wars fans out there.
The list is created using data from more than five million passwords that were leaked by hackers in 2017. As SplashData notes, the past two years have been particularly devastating for data security, with a number of well-publicized hacks (Equifax, Dropbox, and the SEC to name a few), attacks, ransoms, and even extortion attempts.
And yet, people continue to use easy-to-guess passwords to protect their information. For example, “123456” and “password” retain their top two spots on the list—for the fourth consecutive year. Variations of these two “worst passwords” make up six of the remaining passwords on the list.
SplashData estimates almost 10% of people have used at least one of the 25 worst passwords on this year’s list, and nearly 3% of people have used the worst password, 123456.
There are some newcomers, including “starwars,” which joined the list at No. 16. Other new passwords to join the list include “freedom,” “monkey” (that’s puzzler), “letmein,” and “hello.”
“Unfortunately, while the newest episode may be a fantastic addition to the Star Wars franchise, ‘starwars’ is a dangerous password to use,” said SplashData CEO Morgan Slain. “Hackers are using common terms from pop culture and sports to break into accounts online because they know many people are using those easy-to-remember words.”
SplashData (and other organizations that have collected similar data) provide the same advice year-after-year to secure their data. People should use passphrases of twelve characters or more with mixed types of characters including upper and lower cases; and they should use a different password for each website logins.
Finally, use a password manager to organize passwords, generate secure random passwords, and automatically log into websites, SplashData suggests.
In case it isn’t clear, SplashData warns that “use of any of the passwords on this list put users at grave risk for identity theft.”
Change your password today.
The top 25 passwords on the 2017 list.
1. 123456 (Unchanged)
2. Password (Unchanged)
3. 12345678 (Up 1)
4. qwerty (Up 2)
5. 12345 (Down 2)
6. 123456789 (New)
7. letmein (New)
8. 1234567 (Unchanged)
9. football (Down 4)
10. iloveyou (New)
11. admin (Up 4)
12. welcome (Unchanged)
13. monkey (New)
14. login (Down 3)
15. abc123 (Down 1)
16. starwars (New)
17. 123123 (New)
18. dragon (Up 1)
19. passw0rd (Down 1)
20. master (Up 1)
21. hello (New)
22. freedom (New)
23. whatever (New)
24. qazwsx (New)
25. trustno1 (New)
And here’s the next batch, in case you’re out of password ideas. Again: Don’t use these.
26. 654321
27. jordan23
28. harley
29. password1
30. 1234
31. robert
32. matthew
33. jordan
34. asshole
35. daniel
For all 100, including many that are not safe for work, you can go to SplashData’s complete list.
