Tech Made Simple

Hot Topics: How to Fix Bluetooth Pairing Problems | Complete Guide to Facebook Privacy | How to Block Spam Calls | Snapchat Symbol Meaning

We may earn commissions when you buy from links on our site. Why you can trust us.

author photo

These are the Worst Passwords of 2017

by Elizabeth Harper on December 26, 2017

As the year comes to a close, a lot of us are thinking back on the year that was… but are have you bothered to consider your 2017 passwords?

A good password will keep your online accounts safe, from your bank account to your Amazon account. But even though we know we should create secure passwords, a lot of us don’t. Complex, unique passwords can be a nuisance to remember (especially since security experts recommend using a different password for every site), and it’s easier to skip the headache and go with something simple.

However, SplashData’s list of the worst passwords of 2017 — which was compiled from more than five million passwords which were hacked this year —suggests plenty of people aren’t making much effort to create secure passwords. The top five passwords don’t vary much from year to year… which means people keep using the same predictable passwords, which make it easy for anyone to get into their accounts. Here are this year’s top 25 passwords:

  1. 123456
  2. password
  3. 12345678
  4. qwerty
  5. 12345
  6. 123456789
  7. letmein
  8. 1234567
  9. football
  10. iloveyou
  11. admin
  12. welcome
  13. monkey
  14. login
  15. abc123
  16. starwars
  17. 123123
  18. dragon
  19. passw0rd
  20. master
  21. hello
  22. freedom
  23. whatever
  24. qazwsx
  25. trustno1

Even if you aren’t a security pro, you can probably see a problem here. Four of those passwords are simply a straight row of characters across the keyboard (presumably to whatever number of characters a particular password requires). And they aren’t the only patterns on the list: “qazwsx” and “1qaz2wsx,” made up of the first two columns of letters on your keyboard, but such a simple pattern is still easy for a hacker to guess. Then there’s the perennial “password,” which is certainly easy to remember — but it’s also the first password any hacker will try. Variations on this basic password are also inevitably on the worst passwords list: “passw0rd” and “password1” may be a little more complicated than the simple “password,” but they aren’t much better. If “password” is a hacker’s first guess, these two will be the second and third.

Even worse, “123456” and “password” have made the top two spots on the worst passwords list for five years in a row. That implies that not only are these lousy passwords getting used, but they keep getting used.

New to the list this year was “starwars,” debuting in the #16 slot. And while it’s a bit better than “password,” setting your password to the name of the biggest movie of the year still isn’t very secure.

So how can you keep your online accounts — and thus your personal information — safe? The first step is reviewing SplashData’s 100 worst passwords of the year and making sure you aren’t using any of them. If you are, you should log on and change them immediately. Then make sure you’re creating a strong password. A good password needs to:

  • Have least 8 characters.
  • Include capital letters, numbers, and ASCII characters.
  • Not follow any pattern, like “123456” or “121212.”
  • Not use a dictionary word, common phrase, a movie name or anything similar. (Sorry, Star Wars fans, but you shouldn’t express your enthusiasm in your password.)
  • Not include your name or significant dates, like your birthday or anniversary. Names are a common feature on the worst password list, and using this kind of personal information makes your password very easy to guess.
  • Never be used across multiple sites, which means that when one site is hacked, all of your passwords are compromised.

If sites support it, you should also use two-factor authentication, which requires both a password and a randomly generated code, which is typically displayed in an app or texted to you whenever you log on. Even if a hacker has your password, they won’t have that random code and therefore won’t be able to get into your account. While not every site offers two-factor authentication, most sites containing sensitive personal information will, including most banking sites. If you aren’t sure whether your favorite website supports two-factor authentication, search the Two Factor Auth List to find out.

 Now the next question: how can you remember all of these unique, complicated passwords? We recommend that everyone use a password manager. These secure apps will store your passwords — though you have to remember to add them, first — and require a login to access them. Many are apps that run on your phone, but you’ll also find PC and web-based password managers. Most browsers have built-in password managers, too, which let you log into your favorite sites without typing a thing.

So why not make a New Year’s resolution to improve your passwords? Using good passwords isn’t as hard as you think — and it will help you avoid the headache of hacks throughout 2018.


Topics

Computer Safety & Support, News, Computers and Software, Blog, Privacy


Discussion loading

gravatar

From Jericho on December 27, 2017 :: 11:20 am


But are you have bothered to..

Or

But you have bothered to..

Reply

gravatar

From Kerry McCauley on January 01, 2018 :: 12:11 pm


If you forget password your password manager is then lost if you have a system wipe then all work is gone. You have to re input it again which then is a lot of work. I know this from experience. Is there a way to save this? The password programmes do not have a solution other than what I have gone through.

Reply

gravatar

From Josh Kirschner on January 02, 2018 :: 11:53 am


If you use a cloud-based password manager, then you won’t lose your passwords should your main computer fail. And you just need to remember that one password or store it very securely somewhere offline (not recommended).

For our recommendations on the best password managers see: https://www.techlicious.com/guide/best-password-managers/

Reply

gravatar

From Mealone on January 14, 2018 :: 5:12 pm


Sorry, but this is really a “no-brainer”. If you don’t want anyone to know certain information, don’t put it on the internet! clouding is internet related, therefore hack-able!

I know it’s easy to flag off suggestions so here’s mine. (There is only one problem here, if everyone does it, the hackers will know where to look).

Tip: I found the best way to keep passwords secret and always accessible (for me) list them encrypted on a stick then hang it on your keys, bag or…

Reply

gravatar

From Tony on January 14, 2018 :: 5:53 pm


@MEALONE What happens if you lose that stick with those encrypted passwords?

Programs such as LastPass and Roboform also use encryption, therefore a hacker will not access raw data, so there is really no danger.

The beauty of the cloud component is that you can lose your hardware (computer, tablet, phone) and still re-access your password vault from somewhere else to recover and continue your life.

gravatar

From Mealone on January 16, 2018 :: 9:19 pm


I forgot to mention, If you do lose the stick or it gets damaged, only you know what is on it and for who. You don’t put your name and address on your car-keys do you? the info is encrypted, with what? and only the person who it belongs to know the logins ect. When uploading data to the internet, more information of the uploader is accessible to the hacker. But you knew that, didn’t you!

Call me negative, but the internet is not forever!
Some smartypants will soon invent a program that cleans the internet junk. What if it went wrong? All data erased from existence. Ooooh creepy!!

Anyway on to more pressing world problems! Plastic..

gravatar

From vicki on January 01, 2018 :: 8:08 pm


Rules I follow
* keep a note in a secure place at home (fireproof lockbox comes to mind) that lists all passwords used
* keep a note in a device that lists password hints (never the password itself-I learned this the hard way)
* use passwords that dont connect to you personally - no pet names, favorite anything, dates, family names, etc - try to be random yet still be something memorable
* consider using foreign words or alternate spelling of words easily remembered
* use irregular capitalization, replace letters with numbers or symbols, etc
* change passwords often (once a month, or every three months, whatever works best)
* never share passwords with anyone, not even a person you trust. Passwords are not the same thing as a key, they are meant to be kept private
* keep an old cell phone, with no services or wifi enabled, secured with its own password, and use it as a pda for contact information, account names or numbers, and passwords. Dont download anything and never use it for any sort of communication.

Reply

gravatar

From Tony on January 05, 2018 :: 10:11 pm


I use LastPass to store all my passwords. I just need to remember the one Master Password in order to access all others.

Previously I used an Excel spreadsheet with sites and passwords only partially spelled out. And the name of the spreadsheet was definitely NOT Passwords either.

Reply

gravatar

From Larry on January 08, 2018 :: 12:01 am


CAPITOL is not the same as CAPITAL

Reply

gravatar

From Josh Kirschner on January 16, 2018 :: 3:14 pm


Fixed.

Reply

Home | About | Meet the Team | Contact Us
Media Kit | Newsletter Sponsorships | Licensing & Permissions
Accessibility Statement
Terms of Use | Privacy & Cookie Policy

Techlicious participates in affiliate programs, including the Amazon Services LLC Associates Program, which provide a small commission from some, but not all, of the "click-thru to buy" links contained in our articles. These click-thru links are determined after the article has been written, based on price and product availability — the commissions do not impact our choice of recommended product, nor the price you pay. When you use these links, you help support our ongoing editorial mission to provide you with the best product recommendations.

© Techlicious LLC.