The list of this year’s worst computer passwords has been released, and though there are a lot of familiar phrases, a number of new passwords have made the list, including “starwars.”
The widely released list, compiled annually by security app and service developer SplashData, contains 25 passwords. But SplashData also releases a longer list with 100 passwords on it.
The passwords are compiled from “over five million leaked passwords,” which were “mostly held by users in North America and Western Europe.” SplashData notes that “passwords leaked from hacks of adult websites and from the Yahoo email breach were not included in this report.”
The worst password on this year’s list remains unchanged from last year: the extremely simple “123456.” Five of the “top” eight passwords contain strings of numbers in order, starting with “1.” This is obviously a big no-no.
Equally obvious picks like “password” and “qwerty” came in second and fourth place, respectively. A new edition to the top 10 was “letmein” — perhaps a sign of frustration in having to keep coming up with so many passwords.
[Unoriginal? Lazy? Simply tired of coming up with so many passwords? Check out our password manager reviews.]
Other one-word phrases cracking the top 25 were “football” (9), “admin” (11), “welcome” (12), “monkey” (13), “login” (14), “dragon” (18), “master” (20), “hello” (21), “freedom” (22) and “whatever” (23).
Also, if you’re making a password, don’t use the Force — “starwars” was 16th on this year’s list. (If you must invoke Star Wars, at least come up with a more obscure reference.)
You Can Do Better
SplashData estimates “almost 10 percent of people have used at least one of the 25 worst passwords on this year’s list, and nearly 3 percent of people have used the worst password, 123456.”
Looking at the full top 100 list, a number of sports teams can be found — “lakers” at 37, “rangers” at 94, and “yankees” at 99. A number of passwords not fit for a family-friendly security website made the list as well.
SplashData recommends using a different password for each website, using passphrases of 12 characters or more with mixed types of characters, and using a password manager. We tend to agree. For more easy tips, check out Five Simple Ways To Improve Your Cybersecurity.