
SplashData, a password management company, has released its annual list of top worst passwords for 2017.

After reviewing five million passwords leaked in 2017, SplashData released the list of the most popular, and therefore most dangerous, passwords.

As usual, “123456” and “password” remain the top two most popular passwords, but “starwars” is a newcomer to the list. “Football” is the only sport used as a password in the top 10 worst passwords for 2017, but “hockey” comes in at 78 among the top 100.

Hackers are using common terms from pop culture, entertainment and sports to break into accounts online because they know many users are creating those easy-to-remember passwords.

Password Tips to Remember

Some users opt for a password that looks nonsensical but is among the least secure because it follows a pattern on the keyboard. For example, “qazwsx” is a newcomer, joining “qwerty,” which ranks fourth behind the third-place worst password “12345678.” Some users tried to be creative with “querty,” but it fails as a good password, too. Avoid sequential key variations or common patterns when creating a password.

Swapping the letter “o” with the number “0” may seem like a good way to change your password, but SplashData points out that the trick is not so slick: the worst passwords list includes six variations of the top two worst passwords, made by replacing “o” with “0” or adding extra digits to a numerical string. Hackers know the tricks, and merely tweaking an easily guessable password does not make it secure.

So, what’s wrong with “123456,” “qazwsx” and “qwerty”? First, they are only six characters long. Technology security experts say the minimum character length is eight to create a strong password, and often recommend 10 to 12 characters to maximize the length of time a computer or a botnet would need to crack the password. Next, the digits and letters are all in order. They are easily guessable and easily crackable, especially using brute-force methods. A strong password needs a mix of upper and lower case letters, numbers and symbols.

“Password1,” “Abc12345,” “Jeb2016!” and “Passw0rd” are not any better, despite having mixed case, numbers and special characters. Never use dictionary words, common terms, names, brands, etc. when choosing passwords. Substituting numbers or symbols for some of the letters is not unique. Password crackers know to include words like “vuln3rabl3” or “Trustno1” on their look-up tables.
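As an added illustration (not SplashData's code and not part of the original article), the Python example below screens a candidate password for the weaknesses described above: a match against a common-password list, letter substitutions and appended digits, and keyboard or sequential runs. The blocklist is a constructed sample built from passwords quoted in this article, and the substitution table, the US QWERTY layout, the run threshold of four characters and the function names are assumptions.

```python
import re

# Constructed sample blocklist: passwords quoted in the article, or their base words.
COMMON = {"123456", "password", "12345678", "qwerty", "starwars",
          "football", "hockey", "qazwsx", "trustno1", "vulnerable"}

# Assumed look-alike substitutions, reversed before the blocklist lookup.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

# Keyboard rows and columns (assumed US QWERTY layout), plus alphabet and digit runs.
WALKS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "qazwsxedcrfvtgbyhnujmikolp",
         "abcdefghijklmnopqrstuvwxyz", "01234567890"]


def longest_walk(pw):
    """Length of the longest substring that follows a walk, forwards or backwards."""
    s = pw.lower()
    best = 0
    for walk in WALKS:
        for seq in (walk, walk[::-1]):
            for i in range(len(s)):
                j = i + 1
                # Extend the substring while it still lies on the walk.
                while j <= len(s) and s[i:j] in seq:
                    j += 1
                best = max(best, j - 1 - i)
    return best


def screen(pw, min_len=8):
    """Return the reasons to reject a candidate password (empty list means it passes)."""
    reasons = []
    low = pw.lower()
    if len(pw) < min_len:
        reasons.append("too short")
    # Undo case, substitutions and trailing digits/symbols before the lookup.
    stripped = re.sub(r"[\d\W_]+$", "", low)
    variants = {low, stripped, low.translate(LEET), stripped.translate(LEET)}
    if variants & COMMON:
        reasons.append("common password or variation")
    if longest_walk(pw) >= 4:
        reasons.append("keyboard or sequential pattern")
    return reasons
```

A production check would load a full breached-password list in place of the sample set.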

Never use personal identifying information to create a password, such as your name, social security, driver’s license or account numbers.

Do not recycle passwords or versions of them. Do not re-use passwords on multiple accounts. If one account is breached, a re-used password adds the risk that it will be tried on your other accounts.

Do not write down your password on a sticky note and put it on your desk. Security experts do recommend writing down important passwords and storing them in a safe deposit box so a family can unlock an account in case of an accident or death.

Schedule regular password changes. Like changing batteries in protection devices, such as smoke detectors or sump pump alarms, or reviewing your credit report at each of the credit bureaus, creating new passwords on a routine basis should be part of your personal security plan.

Making sure that your passwords are as secure as possible is a good resolution for the new year that is not hard to keep.