What Are the Worst Passwords of 2017? | TechWell

What Are the Worst Passwords of 2017?

password written on sticky note

The more things change, the more they stay the same.

2018 kicked off with news of a massive security threat that’s been called “chipocalypse”—no, not a potato shortage—security flaws found in Intel chips, as reported by Google Project Zero. Yet, for the fourth straight year, the top spots (#1 and #2) in the annual worst passwords of the year list issued by password management company SplashData are unchanged. People apparently still use “123456” and “password.”

Compiled from more than five million passwords leaked during the year, here are the top twenty commonly hacked passwords from SplashData’s list of the 100 worst passwords of 2017:


  1. 123456

  2. Password

  3. 12345678

  4. Qwerty

  5. 12345

  6. 123456789

  7. Letmein

  8. 1234567

  9. Football

  10. Iloveyou

  11. admin

  12. welcome

  13. monkey

  14. login

  15. abc123

  16. starwars

  17. 123123

  18. dragon

  19. passw0rd

  20. master

Disney-Lucasfilm’s “Star Wars: The Last Jedi” was an indisputable blockbuster at the box office during the 2017 holiday period, which, while inspired fans, contributed to an entry into the top 20 most hacked passwords. “Starwars” the password came in at #16. Some references are easy to remember, but when it comes to security for your accounts and devices, heed the advice General Leia Organa gave to Poe Dameron in "The Last Jedi": “Poe, get your head out of your cockpit. There are things that you cannot solve by jumping in an X-wing and blowing something up!”

Protect yourself!

Two-factor or multi-factor authentication is a frequently recommended precaution that adds an extra layer of security, especially when it comes to sensitive data such as email, financial accounts, and health records. Unfortunately, when it comes to authenticating identity, many users still choose passwords, passphrases, and PINs that are too easy to guess. “Hackers are using common terms from pop culture and sports to break into accounts online because they know many people are using those easy-to-remember words,” said Morgan Slain, CEO of SplashData.

The National Institute of Standards and Technology (NIST), a non-regulatory federal agency within the U.S. Department of Commerce, issued new security guidelines during 2017. It turns out that passwords with a combo of characters, such as numbers, uppercase and lowercase letters, and symbols may not be as helpful as previously thought.

What makes a good password? Password length, according to the NIST appendix, is a primary factor in password strength. Another recommendation is to compare your passwords against a password “black list.”

What are the odds your passwords will be hacked?

“Never tell me the odds!” - Han Solo


Up Next

About the Author

TechWell Insights To Go

(* Required fields)

Get the latest stories delivered to your inbox every week.