‘Starwars’ And The 24 Other Worst Passwords Of 2017

You know those corny movie scenes, where someone hacks their boss or girlfriend or enemy’s password by looking around the room and making two guesses? In real life, that would work way more often than it should. Check out this list of the 25 most-used, and thus most hackable, passwords of 2017.

SplashData, makers of the password managers SplashID, TeamsID, and Gpass, built their list from over 5 million passwords leaked in data breaches this year. They estimate that almost 10% of computer users have used at least one of these. They recommend making longer, less obvious passwords, not reusing passwords, and getting a password manager. Which we recommend too!

“Hackers are using common terms from pop culture and sports to break into accounts online,” says SplashData’s CEO Morgan Slain, “because they know many people are using those easy-to-remember words.”

So don’t make your password starwars, or twinpeaks, or really any piece of popular culture. (I use a couple of passwords based on an old favourite book, but they have nothing to do with the title and they have special characters.) In general — and I can’t say this enough — you should use a password manager, and have it generate long, hard-to-guess passwords.

25 Most-Used Passwords of 2017

  1. 123456
  2. password
  3. 12345678
  4. qwerty
  5. 12345
  6. 123456789
  7. letmein
  8. 1234567
  9. football
  10. iloveyou
  11. admin
  12. welcome
  13. monkey
  14. login
  15. abc123
  16. starwars
  17. 123123
  18. dragon
  19. passw0rd
  20. master
  21. hello
  22. freedom
  23. whatever
  24. qazwsx
  25. trustno1

Even a robust password could get hacked if the service you use it on has bad security. That’s how we can figure out the most common passwords in the first place. But a flimsy password is hackable without any breaches, and it leaves you vulnerable to the rankest amateur hackers, like prank-loving friends, revenge-seeking exes, or someone you pissed off on Facebook. Trustno1 indeed.
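
As an added example (not code from SplashData or from the original article), this is how a signup form could screen a new password against the list above and also reject its trivial variants: changed case, look-alike character swaps, and digits or symbols tacked on the end. The substitution table, the function name and the sample inputs are assumptions of this example.

```python
import re
import string

# The 25 passwords from the list above, in rank order.
WORST_2017 = (
    "123456 password 12345678 qwerty 12345 123456789 letmein 1234567 "
    "football iloveyou admin welcome monkey login abc123 starwars 123123 "
    "dragon passw0rd master hello freedom whatever qazwsx trustno1"
).split()

# Assumed look-alike swaps (0->o, 1->l, 3->e, 4->a, 5->s, 7->t, @->a, $->s).
LEET = str.maketrans("013457@$", "oleastas")

# Map each listed password, and its de-substituted form, back to the entry.
LOOKUP = {w.translate(LEET): w for w in WORST_2017}
LOOKUP.update({w: w for w in WORST_2017})


def matched_entry(candidate):
    """Return the listed password that `candidate` is a trivial variant of,
    or None if it does not reduce to anything on the list."""
    base = candidate.lower()
    forms = [
        base,
        base.rstrip(string.punctuation),      # "trustno1!" -> "trustno1"
        re.sub(r"[\d\W_]+$", "", base),       # "starwars9" -> "starwars"
    ]
    forms += [f.translate(LEET) for f in forms]  # "p@ssw0rd" -> "password"
    for form in forms:
        if form in LOOKUP:
            return LOOKUP[form]
    return None


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any breach data.
    for pw in ["P@ssw0rd1", "Starwars9", "Trustno1!", "M0nk3y2017",
               "velvet-anchor-sunrise-quartz-41"]:
        hit = matched_entry(pw)
        print(f"{pw!r}: {'reject, variant of ' + hit if hit else 'not on the list'}")
```

A `None` result only means the candidate is not a close variant of these 25 entries; it says nothing else about how strong the password is.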


  • To be fair very few people are going to try and guess your password nowadays – they’ll use a dedicated tool, which makes all of these just as secure as any dictionary word, which is not at all.

    Also remember that all crackers now know about character substitution, so [email protected] really isn’t going to be much more secure than just plain old lifehacker as a password – do not do this. Similarly making the first letter of a word a capital and adding a 1 or 9 to the end will be guessed by every toolbox.

    Best thing you can do is add length: onceuponatimeinagalaxyfarfaraway is more secure than Zx^89c… well maybe not that specific example because it’s a well known quote, but you get the idea – more length adds more complexity in an exponential fashion. Long gone are the days you were always capped to 8 chars, so use the limit it gives you.

    In reality, article’s spot on – use a password manager, use a random password generator and make the password to that password manager the most secure you know – I think mine is somewhere around 75 chars long… or not… I’m not telling lol
