SplashData each year compiles a list of the most commonly used bad passwords scraped from stolen credentials. You would think that year after year, people would learn to improve their password habits. Instead, we find the same overused passwords retaining their popularity.
The number three pick was always “12345678,” but it was dethroned by “12345” in 2015 and then “qwerty” in 2016. However, it has regained its title this year as the third most hacked password.
The two most used in 2017 were “123456” and “password.” Those terrible choices have maintained the number one and number two positions respectively since SplashData started tracking bad passwords in 2011.
Other passwords that seem to show up every year include “login,” “1234567,” “football” and the totally secure “passw0rd” with a zero as the “o.”
There are a few new entries this year, however, showing that people are getting more creative and are at least attempting to make their passwords more secure. For example, people who used to use “12345678” as their password must have read somewhere that that it wasn’t very secure so now they have started using “123456789.”
Do not use these passwords. They are the most hacked every year.
Then there are the people who made “loveme” the 23rd most used password in 2016. They have apparently decided they are safer using “iloveyou” instead, as that one debuted at number 10 this year with “loveme” not even making the top 100.
Star Wars mania has apparently also taken over many people’s lives since “starwars” is a new entry on the list at number 16, “master” is ranked 20th on the list, and “solo” is in at number 60.
Here are the top 10 worst passwords of 2017 as well as their movement on the list since 2016.
- 123456 (unchanged)
- password (unchanged)
- 12345678 (up 1)
- qwerty (up 2)
- 12345 (down 2)
- 123456789 (new)
- letmein (new)
- 1234567 (unchanged)
- football (down 4)
- iloveyou (new)
If you want to see the full list of the 100 most hacked passwords (some NSFW), SplashData has collected them in asnazzy PDF.
As always, don’t use any of the passwords on this list. They are pretty much the very first ones that hackers use to try to get into an account. If you value your online security at all, always pick strength over convenience when choosing your password. Better yet, just download an app like PassBox or Password Manager XP. They will create strong passwords and remember them for you.