‘STARWARS’ Lands On 2017’s ‘Worst Passwords’ List

The list of this year’s worst computer passwords has been released, and though there are a lot of familiar phrases, a number of new passwords have made the list, including “starwars.”

sabrisy / Shutterstock.com

The widely released list, compiled annually by security app and service developer SplashData, contains 25 passwords. But SplashData also releases a longer list with 100 passwords on it.

The passwords are compiled from “over five million leaked passwords,” which were “mostly held by users in North America and Western Europe.” SplashData notes that “passwords leaked from hacks of adult websites and from the Yahoo email breach were not included in this report.”

Bad Passwords

The worst password on this year’s list remains unchanged from last year: the extremely simple “123456.” Five of the “top” eight passwords contain strings of numbers in order, starting with “1.” This is obviously a big no-no.

Equally obvious picks like “password” and “qwerty” came in second and fourth place, respectively. A new edition to the top 10 was “letmein” — perhaps a sign of frustration in having to keep coming up with so many passwords.

[Unoriginal? Lazy? Simply tired of coming up with so many passwords? Check out our password manager reviews.]

Other one-word phrases cracking the top 25 were “football” (9), “admin” (11), “welcome” (12), “monkey” (13), “login” (14), “dragon” (18), “master” (20), “hello” (21), “freedom” (22) and “whatever” (23).

Also, if you’re making a password, don’t use the Force — “starwars” was 16th on this year’s list. (If you must invoke Star Wars, at least come up with a more obscure reference.)

You Can Do Better

SplashData estimates “almost 10 percent of people have used at least one of the 25 worst passwords on this year’s list, and nearly 3 percent of people have used the worst password, 123456.”

Looking at the full top 100 list, a number of sports teams can be found — “lakers” at 37, “rangers” at 94, and “yankees” at 99. A number of passwords not fit for a family-friendly security website made the list as well.

SplashData recommends using a different password for each website, using passphrases of 12 characters or more with mixed types of characters, and using a password manager. We tend to agree. For more easy tips, check out Five Simple Ways To Improve Your Cybersecurity.

Phil Dzikiy

Phil Dzikiy

Phil Dzikiy is the former editor in chief of Security Baron. Before, he has worked as a freelance writer and editor at websites like Wirecutter.com and iLounge.com along with publications like the Lockport Union Sun & Journal and the Greater Niagara Newspapers. With digital and print experience under his belt, Phil has a passion for all things technology including home security, cyber security, and the smart home. His bachelor's degree in Journalism from the University of Maryland College Park initially landed Phil his first job at the Beaver County Times, which has lead to over 15 years of experience as a journalist.

Trending News

Follow Us