Top 25 worst, most insecure passwords used in 2017

SplashData released a list of the top 100 most popular, and therefore dangerous, passwords used in 2017.

About half of those responding to an online survey say their passwords are over five years old.
Thinkstock

After reviewing five million passwords leaked in 2017, SplashData has released a list of the most popular, and therefore dangerous, passwords currently being used. Usually, when we hear about the top, worst passwords, the list is for the previous year. Yet SplashData has released a list of the top 100 worst passwords of 2017 while we are still in 2017.

As always, there have been some changes in what constitutes the worst-of-the-worst passwords as well as some of suckiest passwords still clinging to their original rank. For example, “123456” and “password” remain as the top two most popular passwords, but “starwars” is a newcomer to the list.

“Unfortunately, while the newest episode may be a fantastic addition to the Star Wars franchise, ‘starwars’ is a dangerous password to use,” said Morgan Slain, CEO of SplashData, Inc. “Hackers are using common terms from pop culture and sports to break into accounts online because they know many people are using those easy-to-remember words.”

Swapping the letter “o” with the number “0” may seem like a good idea to change up your password, but SplashData pointed out that trick isn’t so slick. On this year’s list, there are six variations of the top two worst passwords “123456” and “password” which replaced “o” with “0” or added extra digits to the numerical string.

“Hackers know your tricks, and merely tweaking an easily guessable password does not make it secure,” Slain said.

The password management company estimated that nearly “10% of people have used at least one of the 25 worst passwords on this year’s list, and nearly 3% of people have used the worst password, 123456.”

“Football” is the only sport being used as a password in the top 10, but “hockey” comes in at 78 and “soccer” at 87 in the top 100 worst passwords of 2017 (pdf).

Some people opt for a password which looks like nonsense, but actually follows a simple pattern on a keyboard. For example, “qazwsx” is a newcomer to the list of top 25 worst passwords.

Other newcomers to the worst-of-the-worst include “letmein”, “monkey”, “hello”, “freedom”, “whatever” and “trustno1”.

So, if one of your passwords is on this list, then way to go! You’ve joined the ranks of people using the worst and least secure passwords of 2017.

SplashData’s top 25 worst passwords in 2017

SplashData’s top 25 worst passwords in 2016

1)      123456

123456

2)      password

password

3)      12345678

12345

4)      qwerty

12345678

5)      12345

football

6)      123456789

qwerty

7)      letmein

1234567890

8)      1234567

1234567

9)      football

princess

10)   iloveyou

1234

11)   admin

login

12)   welcome

welcome

13)   monkey

solo

14)   login

abc123

15)   abc123

admin

16)   starwars

121212

17)   123123

flower

18)   dragon

passw0rd

19)   passw0rd

dragon

20)   master

sunshine

21)   hello

master

22)   freedom

hottie

23)   whatever

loveme

24)   qazwsx

zaq1zaq1

25)   trustno1

password1

Related:
NEW! Download the Winter 2018 issue of Security Smart