SplashData’s 2017 Worst Passwords list is out again, curating the 25 weakest stolen passwords gleaned from analyzing 5 million stolen passwords from North America and Western Europe. And once again it’s topped by that perennial favorite, “123456.”
Laziness apparently knows few boundaries when it comes to protecting one’s personal information. Because I mean, these people can’t even take it that one tiny step further, to starting in the middle of the row and “567890”—it’s just….too far. I’m guessing this is the stoner’s password of choice.
In a similar vein, "12345678" (No 3) and “123456789" (No 5) also made the Top 10 (some lazy people are just a couple of characters less lazy than others, I guess)—along with the alpha version, "qwerty” (No 4).
In the “You-mean-I-actually-have-to-type-a-word??” category, we find the obvious “football”, the too-cute “letmein” and the dubious “iloveyou” all in the Top 10.
In second place, again, is the uber-inventive “Password." Yep. Just “Password.” Points for capitalizing the first letter…I guess? (Meanwhile, another repeat offender, "passw0rd," which thinks it’s all being fancy with that zero in the middle, came in at No 17).
This year did see some new idiocy creep into the expanded list. The Force is not strong with this one: "starwars" made its debut at No 16, presumably an indicator of how pumped people were/are for the Last Jedi. Also in the pop culture realm, “dragon” breathes its so-not-intimidating-to-hacks fire at No 17, in an apparent homage to Jon Snow and the rest of the peeps over in Game of Thrones.
"Hackers are using common terms from pop culture and sports to break into accounts online because they know many people are using those easy-to-remember words," said Morgan Slain, CEO of SplashData.
Ya think?
As for how prevalent these are, according to SplashData, about 10% of users have employed at least one of the top 15 worst passwords on the 2017 list, while 3% have chosen the stoner password at the top.