For the last seven years, security application company SplashData has attempted to shine a light on digital security by compiling a list of each year's most common passwords. Their information comes straight from the source: log-in information that had been stolen and publicly-released during the year. Despite constant warnings from security experts, the most popular passwords for 2017 remained depressingly bad. If you see any of your own passwords in the following list, please change them ASAP!
Many of the passwords which appear on SplashData's list are perennial contenders for title of worst password, demonstrating that most people have failed to learn from years of warnings. Of course, the two extremely common (and easy to guess) choices of "password" and "123456" came in second and first, respectively. Here are the top 20 most common passwords of 2017:
- 123456 (unchanged from last year)
- password (unchanged)
- 12345678
- qwerty
- 12345
- 123456789 (new to the list)
- letmein (new)
- 1234567 (unchanged)
- football
- iloveyou (new)
- admin
- welcome (unchanged)
- monkey (new)
- login
- abc123
- starwars (new)
- 123123 (new)
- dragon
- passw0rd
- master
If, after seeing the new movies, you thought it was fun to make your password "starwars", you apparently weren't alone!
Beyond simply avoiding common passwords, how else can you increase your digital security? Back in August, the man who created our current rules for a "strong" password (you know, where you must include numbers, letter, capitalization, and special characters) admitted that he regrets his decision. Instead, he suggests that a much stronger (and easier to remember) option is to create a passphrase using a long string of unrelated words. For instance, "horsedogcowboypool" is much harder for a hacking program to crack than something like "Pin3apple45" simply because it is much longer. Furthermore, making a mental image of the passphrase allows for easier recall! How could you forget a horse, dog, and cowboy in a pool?