Password management company SplashData has published its annual list of the “Worst Passwords of the Year”, showing that people around the world are still using the same weak passwords to protect their accounts.
While most of the top 25 worst passwords are old favourites, 2017 saw eleven new passwords join the worst list, with ‘starwars’ being one of the more prominent new entries, thanks to the buzz around the latest movie.
In SplashData’s seventh annual Worst Passwords report, compiled from more than five million passwords leaked during the year, ‘starwars’ joins the list at #16.
“Unfortunately, while the newest episode may be a fantastic addition to the Star Wars franchise, ‘starwars’ is a dangerous password to use,” said Morgan Slain, CEO of SplashData, Inc.
“Hackers are using common terms from pop culture and sports to break into accounts online because they know many people are using those easy-to-remember words.”
The past two years have been particularly devastating for data security, with a number of well-publicised hacks, attacks, ransoms, and even extortion attempts. Millions of records have been stolen.
Even with the risks well known, many millions of people continue to use weak, easily guessable passwords to protect their online information. For the fourth consecutive year, “123456” and “password” retain their top two spots on the list.
Variations of each, either with extra digits on the numerical string or replacing the “o” with a “0” in “password,” comprise six of the remaining passwords on the list.
“Hackers know your tricks, and merely tweaking an easily guessable password does not make it secure,” said Slain.
“Our hope is that our Worst Passwords of the Year list will cause people to take steps to protect themselves online.”
These are the 25 worst passwords of 2017 – new entries are bolded.
SplashData estimates almost 10% of people have used at least one of the 25 worst passwords on this year’s list, and nearly 3% of people have used the worst password, 123456.
SplashData offered three simple tips to be safer from hackers online:
- Use passphrases of twelve characters or more with mixed types of characters including upper and lower cases.
- Use a different password for each of your website logins. If a hacker gets your password, they will try it to access other sites.
- Protect your assets and personal identity by using a password manager to organize passwords, generate secure random passwords, and automatically log into websites.