The Worst Passwords of 2017

You probably don’t spend much time thinking about your password at work — but you should. Weak passwords can be a serious security threat, putting your employer’s data (and ultimately your job) at risk.

To help keep us in check, SplashData, a password management application provider, has compiled its seventh annual list of the worst passwords of the year. The report estimates that roughly 10 percent of people have used at least one of the 25 worst from this year’s list.

“Hackers know your tricks, and merely tweaking an easily guessable password does not make it secure,” said Morgan Slain, CEO of SplashData, Inc, in the press release. “Our hope is that our Worst Passwords of the Year list will cause people to take steps to protect themselves online.”

'Merely tweaking an easily guessable password does not make it secure.' - Morgan Slain

Click to tweet

Terrible Passwords

Let’s take a look at the top 10 entries from the list:

1. 123456 (rank unchanged since 2016 list)
2. password (unchanged)
3. 12345678 (up 1)
4. qwerty (up 2)
5. 12345 (down 2)
6. 123456789 (new)
7. Letmein (new)
8. 1234567 (unchanged)
9. football (down 4)
10. iloveyou (new)

The top two passwords on the list (123456 and password) remain unchanged from last year. Clearly these are not secure. Adding more digits to the string (see numbers 3, 5, 6, and 8, from the top 10 list alone) or playing around with the keyboard (qwerty – #4, asdf – #85, and qazwsx – #24) doesn’t work out too well either.

Similarly, your first name is a terrible password. It seems like this might be common sense. Still, many made the list: robert – #31, matthew – #32, and ashley – # 69, just to name a few. These entries likely made the top 100 list as opposed to other first names because they’re fairly common. But, no matter what your first name is, it’s just really not a safe password.

The password “starwars” came in at #16 this year, likely due to the highly anticipated release of Star Wars: The Last Jedi.

“Unfortunately, while the newest episode may be a fantastic addition to the Star Wars franchise, ‘starwars’ is a dangerous password to use,” Slain added. “Hackers are using common terms from pop culture and sports to break into accounts online because they know many people are using those easy-to-remember words.”

Building a Better Password

SplashData provides three tips for better passwording in the new year:

1. Employ 12 characters or more. Use mixed upper- and lower-case characters.
2. Use different passwords for different logins.
3. Use a password manager to organize passwords, generate random and secure passwords, and automatically log you into websites.

Take the time to create smart and safe passwords at work this year. Putting in a little extra effort now could save you a world of trouble and headaches later on.

Tell Us What You Think

How secure are your passwords? We want to hear from you! Leave a comment or join the discussion on Twitter.