SplashData's latest annual report on the most commonly used and worst passwords is here again and it's clear that we haven't learned much since the last report.
The list was created using data from more than five million passwords that were leaked by hackers in 2017. As noted by SplashData, the past 2 years have been devastating for data security with high a number of hacks, attacks, ransoms and extortion attempts.
Even with all these recent attacks, people continue to use easy to guess passwords to protect their valuable data. Surprisingly enough, '123456' and 'password' are once again, on top of the list for the fourth consecutive year. Variations of these two horrible passwords make up another six of the remaining passwords in the list.
According to SplashData estimates, 10% of people have used at least one of the 25 worst passwords on this year's list and a staggering 3% have used the worst password, '123456'.
A lot of the passwords have been on the list for a few years but there are a few new comers as well. Passwords like 'starwars', 'freedom', 'monkey', 'letmein' and 'hello' are all new to the list this year.
Morgan Slan, CEO for SplashData, says that “Hackers are using common terms from pop culture and sports to break into accounts online because they know many people are using those easy-to-remember words.” While the Star Wars movie is great, using 'starwars' as your password is dangerous and risky.
At AngelCom, we advise our clients to use secure pass-phrases consisting of twelve characters or more with mixed types of characters and numbers including upper and lower cases; and, each of your web login passwords should be different. We suggest you use a password manager to organize all of your secure passwords. A password manager will also help you by generating secure random passwords and automatically log into your websites.
If you are using any of the passwords on this list, you are putting yourself at great risk for identity theft. If you happen to spot yours here, change it right away.
The top 25 passwords on the 2017 list include:
1. 123456 (Unchanged)
2. Password (Unchanged)
3. 12345678 (Up 1)
4. qwerty (Up 2)
5. 12345 (Down 2)
6. 123456789 (New)
7. letmein (New)
8. 1234567 (Unchanged)
9. football (Down 4)
10. iloveyou (New)
11. admin (Up 4)
12. welcome (Unchanged)
13. monkey (New)
14. login (Down 3)
15. abc123 (Down 1)
16. starwars (New)
17. 123123 (New)
18. dragon (Up 1)
19. passw0rd (Down 1)
20. master (Up 1)
21. hello (New)
22. freedom (New)
23. whatever (New)
24. qazwsx (New)
25. trustno1 (New)
For a complete list of all 100, check out SplashData's complete list.