As the year comes to a close, a lot of us are thinking back on the year that was… but are have you bothered to consider your 2017 passwords?
A good password will keep your online accounts safe, from your bank account to your Amazon account. But even though we know we should create secure passwords, a lot of us don’t. Complex, unique passwords can be a nuisance to remember (especially since security experts recommend using a different password for every site), and it’s easier to skip the headache and go with something simple.
However, SplashData’s list of the worst passwords of 2017 — which was compiled from more than five million passwords which were hacked this year —suggests plenty of people aren’t making much effort to create secure passwords. The top five passwords don’t vary much from year to year… which means people keep using the same predictable passwords, which make it easy for anyone to get into their accounts. Here are this year’s top 25 passwords:
Even if you aren’t a security pro, you can probably see a problem here. Four of those passwords are simply a straight row of characters across the keyboard (presumably to whatever number of characters a particular password requires). And they aren’t the only patterns on the list: “qazwsx” and “1qaz2wsx,” made up of the first two columns of letters on your keyboard, but such a simple pattern is still easy for a hacker to guess. Then there’s the perennial “password,” which is certainly easy to remember — but it’s also the first password any hacker will try. Variations on this basic password are also inevitably on the worst passwords list: “passw0rd” and “password1” may be a little more complicated than the simple “password,” but they aren’t much better. If “password” is a hacker’s first guess, these two will be the second and third.
Even worse, “123456” and “password” have made the top two spots on the worst passwords list for five years in a row. That implies that not only are these lousy passwords getting used, but they keep getting used.
New to the list this year was “starwars,” debuting in the #16 slot. And while it’s a bit better than “password,” setting your password to the name of the biggest movie of the year still isn’t very secure.
So how can you keep your online accounts — and thus your personal information — safe? The first step is reviewing SplashData’s 100 worst passwords of the year and making sure you aren’t using any of them. If you are, you should log on and change them immediately. Then make sure you’re creating a strong password. A good password needs to:
- Have least 8 characters.
- Include capital letters, numbers, and ASCII characters.
- Not follow any pattern, like “123456” or “121212.”
- Not use a dictionary word, common phrase, a movie name or anything similar. (Sorry, Star Wars fans, but you shouldn’t express your enthusiasm in your password.)
- Not include your name or significant dates, like your birthday or anniversary. Names are a common feature on the worst password list, and using this kind of personal information makes your password very easy to guess.
- Never be used across multiple sites, which means that when one site is hacked, all of your passwords are compromised.
If sites support it, you should also use two-factor authentication, which requires both a password and a randomly generated code, which is typically displayed in an app or texted to you whenever you log on. Even if a hacker has your password, they won’t have that random code and therefore won’t be able to get into your account. While not every site offers two-factor authentication, most sites containing sensitive personal information will, including most banking sites. If you aren’t sure whether your favorite website supports two-factor authentication, search the Two Factor Auth List to find out.
Now the next question: how can you remember all of these unique, complicated passwords? We recommend that everyone use a password manager. These secure apps will store your passwords — though you have to remember to add them, first — and require a login to access them. Many are apps that run on your phone, but you’ll also find PC and web-based password managers. Most browsers have built-in password managers, too, which let you log into your favorite sites without typing a thing.
So why not make a New Year’s resolution to improve your passwords? Using good passwords isn’t as hard as you think — and it will help you avoid the headache of hacks throughout 2018.