‘Starwars’ Makes it to the List of 2017’s Worst Passwords

The list of the 25 most-used and most hackable passwords of 2017 has been published today on Lifehacker, with ‘123456’ topping the list as the worst password of 2017. The list was compiled by SplashData, makers of the password managers SplashID and TeamsID, from over 5 million passwords leaked in data breaches this year. It is believed that almost 10% of computer users have used at least one of these.

“Hackers are using common terms from pop culture and sports to break into accounts online,” says SplashData’s CEO Morgan Slain, “because they know many people are using those easy-to-remember words.”

I use a couple of passwords based on an old favorite book, but they have nothing to do with the title and they have special characters. In general—and I can’t say this enough—you should use a password manager, and have it generate long, hard-to-guess passwords.

Security experts recommend making longer, less obvious passwords, not reusing passwords, and getting a password manager like 1Password, which is both fast and super easy to use. Never make your password starwars, or twinpeaks, or any piece of popular culture for that matter.

Below are the 25 worst passwords of 2017. A complete list of the 100 most-used passwords is also available in PDF format at this link.

1. 123456
2. password
3. 12345678
4. qwerty
5. 12345
6. 123456789
7. letmein
8. 1234567
9. football
10. iloveyou
11. admin
12. welcome
13. monkey
14. login
15. abc123
16. starwars
17. 123123
18. dragon
19. passw0rd
20. master
21. hello
22. freedom
23. whatever
24. qazwsx
25. trustno1