InfoShot: Worst passwords of 2017

With the rise of biometrics and 2-Factor Authentication, the password isn’t the ultimate gatekeeper it used to be. But that doesn’t mean you should be lazy when coming up with your password.

Password manager provider SplashData has published its annual list of worst passwords, and it seems people never learn that ‘password’ is not a password and any monkey can run a finger across a keyboard.

Unsurprisingly, the list is full of familiar faces. ‘123456’ came top of the list, with longer and shorter variants making up half of the top 10. The ever-present ‘password’ and ‘qwerty’ featured in the top four, with ‘letmein’, ‘football’, and ‘iloveyou’ rounding out the rest.

The top 20 featured ‘monkey’, ‘admin’, ‘welcome’, ‘login’, and ‘dragon’. Star Wars mania also led to ‘starwars’ becoming a popular option.

“Hackers are using common terms from pop culture and sports to break into accounts online because they know many people are using those easy-to-remember words,” said Morgan Slain, CEO of SplashData. “Hackers know your tricks, and merely tweaking an easily guessable password does not make it secure.”

The first computer password is generally thought to have been created by Fernando Corbató and his team for the Compatible Time-Sharing System (CTSS) at MIT in the early 1960s. Sadly, it was also the first case of password failure. One of MIT’s researchers wanted more usage time on the CTSS and so printed off all of the passwords on the system.

Unfortunately things haven’t improved much in the intervening 50 years. Variants of ‘password’, ‘123456’, and ‘qwerty’ have featured in the list of worst and common passwords in 2016, 2015, 2014, 2013, 2012, 2011, 2010, 2009, 2008, 2007, and probably every other year.

SplashData estimates almost 10% of people have used at least one of the 25 worst passwords on this year’s list, and nearly 3% of people have used ‘123456’. Why do they do this? Because good passwords are hard, people are lazy and forgetful and will put in the minimum required effort when setting up passwords, and systems often allow them to get away with it.

Microsoft’s Bill Gates predicted ‘the death of the password’ as far back as 2004. Fobs and smartcards never took off as a viable alternative. And, so far, the best the industry has done is augment the process with the likes of password managers, 2FA, and biometrics.



Dan Swinhoe

Dan is Senior Staff Writer at IDG Connect. Writes about all manner of tech from driverless cars, AI, and Green IT to Cloudy stuff, security, and IoT. Dislikes autoplay ads/videos and garbage written about 'millennials'.
