Password Management

InfoShot: Worst passwords of 2017

With the rise of biometrics and 2-Factor Authentication, the password isn’t the ultimate gatekeeper it used to be. But that doesn’t mean you should be lazy when coming up with your password.

Password manager provider SplashData has published its annual list of worst passwords, and it seems people never learn that ‘password’ is not a password and any monkey can run a finger across a keyboard.

Unsurprisingly, the list is full of familiar faces. ‘123456’ came top of the list, with longer and shorter variants making up half of the top 10. The ever-present ‘password’ and ‘qwerty’ featured in the top four, with ‘letmein’, ‘football’, and ‘iloveyou’ rounding out the rest.

The top 20 featured ‘monkey’, ‘admin’, ‘welcome’, ‘login’, and ‘dragon’. Star Wars mania also led to ‘starwars’ becoming a popular option.

“Hackers are using common terms from pop culture and sports to break into accounts online because they know many people are using those easy-to-remember words,” said Morgan Slain, CEO of SplashData. “Hackers know your tricks, and merely tweaking an easily guessable password does not make it secure.”

The first computer password is generally thought to have been created by Fernando Corbató and his team for the Compatible Time-Sharing System (CTSS) at MIT in the early 1960s. Sadly, it was also the first case of password failure. One of MIT’s researchers wanted more usage time on the CTSS and so printed off all of the passwords on the system.

Unfortunately things haven’t improved much in the intervening 50 years. Variants of ‘password’, ‘123456’, and ‘qwerty’ have featured in the list of worst and common passwords in 2016, 2015, 2014, 2013, 2012, 2011, 2010, 2009, 2008, 2007, and probably every other year.

SplashData estimates almost 10% of people have used at least one of the 25 worst passwords on this year’s list, and nearly 3% of people have used ‘123456’. Why do they do this? Because good passwords are hard, people are lazy and forgetful and will put in the minimum required effort when setting up passwords, and systems often allow them to get away with it.

Microsoft’s Bill Gates predicted ‘the death of the password’ as far back as 2004. Fobs and smartcards never took off as a viable alternative. And, so far, the best the industry has done is augment the process with the likes of password managers, 2FA, and biometrics.



Dan Swinhoe

Dan is a journalist at CSO Online. Previously he was Senior Staff Writer at IDG Connect.

