After reviewing five million passwords leaked in 2017, SplashData has released a list of the most popular, and therefore dangerous, passwords currently being used. Usually, when we hear about the top, worst passwords, the list is for the previous year. Yet SplashData has released a list of the top 100 worst passwords of 2017 while we are still in 2017.
As always, there have been some changes in what constitutes the worst-of-the-worst passwords as well as some of suckiest passwords still clinging to their original rank. For example, “123456” and “password” remain as the top two most popular passwords, but “starwars” is a newcomer to the list.
“Unfortunately, while the newest episode may be a fantastic addition to the Star Wars franchise, ‘starwars’ is a dangerous password to use,” said Morgan Slain, CEO of SplashData, Inc. “Hackers are using common terms from pop culture and sports to break into accounts online because they know many people are using those easy-to-remember words.”
Swapping the letter “o” with the number “0” may seem like a good idea to change up your password, but SplashData pointed out that trick isn’t so slick. On this year’s list, there are six variations of the top two worst passwords “123456” and “password” which replaced “o” with “0” or added extra digits to the numerical string.
“Hackers know your tricks, and merely tweaking an easily guessable password does not make it secure,” Slain said.
The password management company estimated that nearly “10% of people have used at least one of the 25 worst passwords on this year’s list, and nearly 3% of people have used the worst password, 123456.”
“Football” is the only sport being used as a password in the top 10, but “hockey” comes in at 78 and “soccer” at 87 in the top 100 worst passwords of 2017 (pdf).
Some people opt for a password which looks like nonsense, but actually follows a simple pattern on a keyboard. For example, “qazwsx” is a newcomer to the list of top 25 worst passwords.
Other newcomers to the worst-of-the-worst include “letmein”, “monkey”, “hello”, “freedom”, “whatever” and “trustno1”.
So, if one of your passwords is on this list, then way to go! You’ve joined the ranks of people using the worst and least secure passwords of 2017.
SplashData’s top 25 worst passwords in 2017 |
SplashData’s top 25 worst passwords in 2016 |
1) 123456 |
123456 |
2) password |
password |
3) 12345678 |
12345 |
4) qwerty |
12345678 |
5) 12345 |
football |
6) 123456789 |
qwerty |
7) letmein |
1234567890 |
8) 1234567 |
1234567 |
9) football |
princess |
10) iloveyou |
1234 |
11) admin |
login |
12) welcome |
welcome |
13) monkey |
solo |
14) login |
abc123 |
15) abc123 |
admin |
16) starwars |
121212 |
17) 123123 |
flower |
18) dragon |
passw0rd |
19) passw0rd |
dragon |
20) master |
sunshine |
21) hello |
master |
22) freedom |
hottie |
23) whatever |
loveme |
24) qazwsx |
zaq1zaq1 |
25) trustno1 |
password1 |