SplashData Releases Top 100 Worst Passwords of 2017

SplashData released its annual list of worst passwords, making it clear why so many of us get hacked and stressing the importance of a strong password.

SplashData Releases Top 100 Worst Passwords of 2017

When it comes to cybersecurity, the most basic and common form of protection is a password. That being said, you would think people would put a little more thought and effort into something that protects everything from personal emails to bank accounts.

SplashData, a provider of security applications and services, has released its annual list of “Worst Passwords of the Year.” Data from five million leaked passwords from users in North America and Western Europe were compiled to create the list.

While the Galactic Empire is known for its cybersecurity shortcomings, us earthlings are apparently no different. No doubt buoyed by the released of Star Wars: The Last Jedi, the password “starwars” made the list for the first time, coming in at 16. The rest of the top 20 contain very few surprises.

Here are the top 20 worst passwords of 2017:

  1. 123456
  2. password
  3. 12345678
  4. qwerty
  5. 12345
  6. 123456789
  7. letmein
  8. 1234567
  9. football
  10. iloveyou
  11. admin
  12. welcome
  13. monkey
  14. login
  15. abc123
  16. starwars
  17. 123123
  18. dragon
  19. passw0rd
  20. master

The top 10 remained mostly the same from last year, with “123456” and “password,” coming in as the most and second most used passwords respectively. “123456789” was a new addition at number eight.

So what does this tell us? Despite repeated warnings, people are still being stubborn about choosing secure passwords. Users should create passwords that contain a mix of upper and lowercase letters, numbers and symbols that can’t be easily guessed.

It would also be wise to use two-step authentication whenever possible. This usually means using a fingerprint or receiving a secure pin via email or text message to confirm your login.

It would also be wise for integrators to make sure internet-connected devices aren’t using default admin credentials, which has led to a rise in hacked surveillance cameras. Integrators, along with any user of an IoT device, should also ensure that it is using the latest firmware available.


This article originally ran in CS’ sister publication Security Sales & Integration.

If you appreciated this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!

Leading in Turbulent Times: Effective Campus Public Safety Leadership for the 21st Century

This new webcast will discuss how campus public safety leaders can effectively incorporate Clery Act, Title IX, customer service, “helicopter” parents, emergency notification, town-gown relationships, brand management, Greek Life, student recruitment, faculty, and more into their roles and develop the necessary skills to successfully lead their departments. Register today to attend this free webcast!

Leave a Reply

Your email address will not be published. Required fields are marked *

Get Our Newsletters
Campus Safety HQ