'Starwars' And The 24 Other Worst Passwords Of 2017


You know those corny movie scenes, where someone hacks their boss or girlfriend or enemy's password by looking around the room and making two guesses? In real life, that would work way more often than it should. Check out this list of the 25 most-used, and thus most hackable, passwords of 2017.

SplashData, makers of the password managers SplashID, TeamsID, and Gpass, built their list from over 5 million passwords leaked in data breaches this year. They estimate that almost 10% of computer users have used at least one of these. They recommend making longer, less obvious passwords, not reusing passwords, and getting a password manager. Which we recommend too!

"Hackers are using common terms from pop culture and sports to break into accounts online," says SplashData's CEO Morgan Slain, "because they know many people are using those easy-to-remember words."

So don't make your password starwars, or twinpeaks, or really any piece of popular culture. (I use a couple of passwords based on an old favourite book, but they have nothing to do with the title and they have special characters.) In general — and I can't say this enough — you should use a password manager, and have it generate long, hard-to-guess passwords.

25 Most-Used Passwords of 2017

  1. 123456

  2. password

  3. 12345678

  4. qwerty

  5. 12345

  6. 123456789

  7. letmein

  8. 1234567

  9. football

  10. iloveyou

  11. admin

  12. welcome

  13. monkey

  14. login

  15. abc123

  16. starwars

  17. 123123

  18. dragon

  19. passw0rd

  20. master

  21. hello

  22. freedom

  23. whatever

  24. qazwsx

  25. trustno1

Even a robust password could get hacked if the service you use it on has bad security. That's how we can figure out the most common passwords in the first place. But a flimsy password is hackable without any breaches, and it leaves you vulnerable to the rankest amateur hackers, like prank-loving friends, revenge-seeking exes, or someone you pissed off on Facebook. Trustno1 indeed.


    To be fair very few people are going to try and guess your password nowadays - they’ll use a dedicated tool, which makes all of these just as secure as any dictionary word, which is not at all.

    Also remember that all crackers now know about character substitution, so [email protected] really isn’t going to be much more secure than just plain old lifehacker as a password - do not do this. Similarly making the first letter of a word a capital and adding a 1 or 9 to the end will be guessed by every toolbox.

    Best thing you can do is add length: onceuponatimeinagalaxyfarfaraway is more secure than Zx^89c... well, maybe not that specific example because it’s a well known quote, but you get the idea - more length adds more complexity in an exponential fashion. Long gone are the days you were always capped to 8 chars, so use the limit it gives you.

    In reality, article’s spot on - use a password manager, use a random password generator and make the password to that password manager the most secure you know - I think mine is somewhere around 75 chars long... or not... I’m not telling lol

    Last edited 20/12/17 2:20 pm
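
A signup-time check that combines the article's list with the mangling patterns raised in the comment above (substitution, capitalisation, a digit on the end), added here as an example and not code from the article, SplashData or the commenter. The substitution table, the 12-character minimum and the function names are assumptions made for illustration.

```python
import re
from typing import Optional

# The 25 passwords listed in the article.
COMMON = {
    "123456", "password", "12345678", "qwerty", "12345", "123456789",
    "letmein", "1234567", "football", "iloveyou", "admin", "welcome",
    "monkey", "login", "abc123", "starwars", "123123", "dragon",
    "passw0rd", "master", "hello", "freedom", "whatever", "qazwsx",
    "trustno1",
}

# Constructed substitution table (an assumption, not exhaustive).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

# Denylist in raw and de-substituted form, so "tru5tno1" still collides.
DENYLIST = COMMON | {word.translate(LEET) for word in COMMON}


def simplified_forms(candidate: str) -> set:
    """Collapse a candidate to the base words simple mangling starts from."""
    lowered = candidate.lower()
    # Drop a trailing run of digits/symbols: "Monkey9", "dragon2017!".
    stripped = re.sub(r"[\d!@#$%^&*.?]+$", "", lowered)
    forms = {lowered, stripped}
    # Undo character substitution: "p@ssw0rd" -> "password".
    forms |= {form.translate(LEET) for form in forms}
    forms.discard("")
    return forms


def rejection_reason(candidate: str, min_length: int = 12) -> Optional[str]:
    """Return "common", "short", or None when the candidate passes."""
    if simplified_forms(candidate) & DENYLIST:
        return "common"
    if len(candidate) < min_length:
        return "short"
    return None


if __name__ == "__main__":
    for pw in ["starwars", "P@ssw0rd", "Monkey9", "Tru5tno1",
               "xk7#qp", "violet-kettle-marsh-orbit-42"]:
        print(f"{pw!r}: {rejection_reason(pw)}")
```

A pass here only means the candidate is not a trivial variant of the 25 listed entries; it does not catch well-known quotes or passwords reused from another site.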

    'monkey' is 13? That seems a bit odd - why would so many people choose that?
