SplashData has released their latest annual report on the most commonly used passwords. Unfortunately, the more things change, the more they stay the same.
By now, everyone knows that the number of hacking attempts and high-profile data breaches are on the rise. Everyone has heard, on more than one occasion, how important it is to not use the same password across multiple web properties, to enable two-factor authentication if and where it is offered and to use passwords that contain a combination of letters, numbers and symbols in order to make them more difficult to crack.
Although these are things that everyone knows, the wisdom embedded in the advice above often goes unheeded. According to the data collected by aggregating passwords leaked in data breaches over the past year, the most commonly used password for 2017 is "123456," followed closely by the ubiquitous "password." These are unchanged from last year.
The rest of the top 25 list contains a mix of the old and the new, including:
- 12345678
- Qwerty
- 12345
- 123456789
- Letmein
- 1234567
- Football
- Iloveyou
- Admin
- Welcome
- Monkey
- Login
- Abel123
- Starwars
- 123123
- Dragon
- Passw0rd
- Master
- Hello
- Freedom
- Whatever
- Qazwsx
- And Trustno1
If you make use of any of these passwords, we urge you to change them immediately. As important as data security is and as much as is at stake, you're putting yourself, your friends and your coworkers at grave risk by using such easily cracked passwords.
SplashData's CEO Morgan Slain had this to say on the topic:
"Unfortunately, while the newest episode may be a fantastic addition to the Star Wars franchise, 'starwars' is a dangerous password to use. Hackers are using common terms from pop culture and sports to break into accounts online because they know how many people are using those easy-to-remember words."