Worst passwords of 2017: From '123456' to 'starwars'

Using any of the logins on the list would put you 'at grave risk for identity theft'

Aatif Sulleyman
Wednesday 20 December 2017 18:21 GMT

The worst passwords of the year have been revealed in a new report.

“123456” tops the list, as it did in 2016, 2015, 2014 and 2013. For the fourth consecutive year, the next entry on the list is “password”. Variations of each of them comprise six of the other 23 entries in the top 25.

“12345678”, “qwerty” and “12345”, meanwhile, complete the top five.

“Use of any of the passwords on this list would put users at grave risk for identity theft,” said SplashData, which released the report.

The company says it “estimates that almost 10 per cent of people” have used at least one of this year’s selection of the 25 worst passwords, and “nearly 3 per cent of people” have used the outright worst password, 123456.

It adds that the passwords evaluated for the report were mostly held by people in North America and Western Europe.

“These past two years have been particularly devastating for data security, with a number of well publicized hacks, attacks, ransoms, and even extortion attempts. Millions of records have been stolen,” said SplashData.

The 2017 edition of the list was compiled from more than five million passwords that leaked during the year. However, any login details that leaked as a result of the enormous Yahoo email breach and hacks of adult websites were not considered for the report.

SplashData recommends using passwords that are at least 12 characters long, comprising a mix of different character types and both upper- and lowercase letters.

The company says you should also use a different password for each of your logins. This, however, can cause a completely different set of problems, as it can be tough to remember multiple logins.

You can save yourself some hassle by signing up to a password manager.

“Hackers know your tricks, and merely tweaking an easily guessable password does not make it secure,” said SplashData CEO Morgan Slain.

“Our hope is that our Worst Passwords of the Year list will cause people to take steps to protect themselves online.”

The 25 worst passwords of the year are:

  1. 123456 (unchanged from 2016 list) 
  2. password (unchanged) 
  3. 12345678 (up one place) 
  4. qwerty (up two places) 
  5. 12345 (down two places) 
  6. 123456789 (new entry) 
  7. letmein (new entry) 
  8. 1234567 (unchanged) 
  9. football (down four places) 
  10. iloveyou (new entry) 
  11. admin (up four places) 
  12. welcome (unchanged) 
  13. monkey (new entry) 
  14. login (down three places) 
  15. abc123 (down one place) 
  16. starwars (new entry) 
  17. 123123 (new entry) 
  18. dragon (up one place) 
  19. passw0rd (down one place) 
  20. master (up one place) 
  21. hello (new entry) 
  22. freedom (new entry) 
  23. whatever (new entry) 
  24. qazwsx (new entry) 
  25. trustno1 (new entry)
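
As an added illustration, not part of the original article or SplashData's report, here is how a sign-up form could screen passwords against the list above and SplashData's recommendations. The character-substitution table, the affix stripping and the reading of "different character types" as "at least one non-letter" are assumptions made for this sketch.

```python
import re

# The 25 entries from the list above.
WORST_2017 = """123456 password 12345678 qwerty 12345 123456789 letmein
1234567 football iloveyou admin welcome monkey login abc123 starwars 123123
dragon passw0rd master hello freedom whatever qazwsx trustno1""".split()

# Assumed table of common character swaps (0 for o, @ for a, ...).
SWAPS = str.maketrans("0134578@$!", "oieastbasi")
AFFIX = "0123456789!@#$%^&*._-"   # assumed padding added at either end


def forms(pw):
    """Lower-cased spellings of pw with padding removed and swaps undone."""
    low = pw.lower()
    core = low.strip(AFFIX) or low   # keep all-digit passwords intact
    return {low, core, low.translate(SWAPS), core.translate(SWAPS)}


# Normalise the list the same way, so tweaked and plain forms compare equal.
BLOCKED = set().union(*(forms(entry) for entry in WORST_2017))


def screen(pw):
    """Return the reasons to reject pw; an empty list means it passes."""
    reasons = []
    if forms(pw) & BLOCKED:
        reasons.append("on or derived from the worst-passwords list")
    if len(pw) < 12:
        reasons.append("shorter than 12 characters")
    if not (re.search(r"[a-z]", pw) and re.search(r"[A-Z]", pw)):
        reasons.append("needs both upper- and lowercase letters")
    if not re.search(r"[^A-Za-z]", pw):
        reasons.append("needs a non-letter character")
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any leak.
    for sample in ("123456", "Passw0rd!2017", "St@rW4rs_2017",
                   "correct Horse 7 battery"):
        print(f"{sample!r}: {screen(sample) or 'accepted'}")
```

"Passw0rd!2017" satisfies the length and character-mix rules yet is still rejected, which is the point of Slain's remark about tweaked passwords.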
