
InfoShot: Worst passwords of 2017

With the rise of biometrics and 2-Factor Authentication, the password isn’t the ultimate gatekeeper it used to be. But that doesn’t mean you should be lazy when coming up with your password.

Password manager provider SplashData has published its annual list of worst passwords, and it seems people never learn that ‘password’ is not a password and any monkey can run a finger across a keyboard.

Unsurprisingly, the list is full of familiar faces. ‘123456’ came top of the list, with longer and shorter variants making up half of the top 10. The ever-present ‘password’ and ‘qwerty’ featured in the top four, with ‘letmein’, ‘football’, and ‘iloveyou’ rounding out the rest.

The top 20 featured ‘monkey’, ‘admin’, ‘welcome’, ‘login’, and ‘dragon’. Star Wars mania also led to ‘starwars’ becoming a popular option.

“Hackers are using common terms from pop culture and sports to break into accounts online because they know many people are using those easy-to-remember words,” said Morgan Slain, CEO of SplashData. “Hackers know your tricks, and merely tweaking an easily guessable password does not make it secure.”

The first computer password is generally thought to have been created by Fernando Corbató and his team for the Compatible Time-Sharing System (CTSS) at MIT in the early 1960s. Sadly, it was also the first case of password failure. One of MIT’s researchers wanted more usage time on the CTSS and so printed off all of the passwords on the system.

Unfortunately things haven’t improved much in the intervening 50 years. Variants of ‘password’, ‘123456’, and ‘qwerty’ have featured in the list of worst and common passwords in 2016, 2015, 2014, 2013, 2012, 2011, 2010, 2009, 2008, 2007, and probably every other year.

SplashData estimates almost 10% of people have used at least one of the 25 worst passwords on this year’s list, and nearly 3% of people have used ‘123456’. Why do they do this? Because good passwords are hard, people are lazy and forgetful and will put in the minimum required effort when setting up passwords, and systems often allow them to get away with it.

Microsoft’s Bill Gates predicted ‘the death of the password’ as far back as 2004. Fobs and smartcards never took off as a viable alternative. And, so far, the best the industry has done is augment the process with the likes of password managers, 2FA, and biometrics.

[Infographic: worst passwords of 2017 (image file 14-02-18-worst-passwords-of-2017)]

 

Dan Swinhoe

Dan is Senior Staff Writer at IDG Connect. Writes about all manner of tech from driverless cars, AI, and Green IT to Cloudy stuff, security, and IoT. Dislikes autoplay ads/videos and garbage written about 'millennials'.
