The Worst Passwords of 2017 Include ‘password,’ ‘123456,’ and ‘starwars’

This site may earn affiliate commissions from the links on this page. Terms of use.

Despite the frequent and extensive leaks of personal information on the internet, passwords are still the preferred method of gaining access to your accounts. Every year, SplashData puts together a list of the most popular (and therefore worst) passwords that appeared in this year’s leaks. For 2017, “password” is still near the top along with various strings of numbers. Disney’s marketing department will be happy to know “starwars” popped up on the list this time, too.

The entire 100-entry list is available on SplashData’s site, but the top five worst are 123456, password, 12345678, qwerty, and 12345. Interestingly, “password” is the only entry in the top 5 that isn’t just a keyboard pattern. It’s still a terrible password, though. Other bad ideas for passwords include first names and basically any dictionary word.

SplashData cautions that many of the password strength checkers on websites are a poor reflection of how good your password really is. For example, adding a number usually registers as more secure, but it matters how you use numbers. If you thought just swapping in a zero would make it better, “passw0rd” is also in the top 20. SplashData CEO Morgan Slain points out that adding numbers in place of similar letters is also a bad strategy for making a secure password because a hacker would probably think to try that. Likewise, slapping a number at the end of a password won’t fool anyone — “password1” is on the list, too.

Many of the people who can’t be bothered to remember a strong password are probably using these same weak ones on multiple websites as well. Just one compromised website and hackers could gain access to all your personal data. If you can’t remember all those passwords, use a password manager like LastPass or the one built into Chrome. Even Android Oreo supports password managers now (see below).

A good first step is making certain you aren’t using any of the passwords on this list. Good? Next, make sure your passwords are not reused and are longer than a few characters. Make sure to include numbers, letters, and special characters. On services that support it, you should enable two-factor authentication. The service will send you a code via SMS for each login attempt, or you can use an authenticator app to generate them yourself. Without the auth code, even someone with your account details won’t be able to log in.

Whatever you do, don’t let your password be “password.”

Now read: 20 Best Privacy Tips

About Technology Updates

Remain updated with latest Technology related blog posts. We bring the latest tech posts right in-front of you here...

View all posts by Technology Updates →