2017: The worst passwords you should stay away from

You remember 2017, right? Of course you do – it was just last year. So you definitely remember Cloudbleed, which basically bled, to some degree or another, all your private information away and involved big companies such as 4chan.org, uber.com, yelp.com, zendesk.com, medium.com, pastebin.com, glassdoor.com, bitcoin.de, fitbit.com, porntube.com, or 1password.com. Or the time there was a massive 711 million record onliner spambot dump. Yes, 2017 was a year when you were probably reminded to change your password at least once.

Did it help? Perhaps some people – but not enough. How do I know? Well, just look at the below list of the worst passwords of 2017:

1 – 123456 (Unchanged since 2016)
2 – password (Unchanged)
3 – 12345678 (+1)
4 – qwerty (+2)
5 – 12345 (-2)
6 – 123456789 (New)
7 – letmein (New)
8 – 1234567 (Unchanged)
9 – football (-4)
10 – iloveyou (New)
11 – admin (+4)
12 – welcome (Unchanged)
13 – monkey (New)
14 – login (-3)
15 – abc123 (-1)
16 – starwars (New)
17 – 123123 (New)
18 – dragon (+1)
19 – passw0rd (-1)
20 – master (+1)
21 – hello (New)
22 – freedom (New)
23 – whatever (New)
24 – qazwsx (New)
25 – trustno1 (New)

As before SplashData released its annual list of the 25 worst passwords which has been compiled from last year’s worst password leaks. If this is not the first time you take a look at this list you might have noticed that there is not a lot of change going on: a lot of the 25 passwords have been in there last year already. “Starwars” is back from two years ago (which means we will probably see “hansolo” this year and then “starwars” again next year, right? 😉 ) and “dragon” got even more popular, most likely due to the bad ass dragon action in Game of Thrones.

Other than that there is really not a lot to say concerning this list except: stay the heck away from those and similar passwords!

So what to do?

You should definitely make sure you at least consider the following security tips:

  • Use a unique password for each of your accounts. When a website gets hacked one of the first things bad guys do is checking out if your username/email address/password combination works on other (high-profile) pages.
  • Your password should consist of at least twelve characters – the more the better. It should include upper- and lower-cases, numbers, and special characters.
  • Try and create passwords that can’t be found in a dictionary. Hackers nowadays have programs that cycle through dictionaries to check if they can access your account.
  • Don’t use character strings like 12345, abcde, qweertyui, etc.
  • Use passwords that can’t be associated with you: Your dog’s name, birthday dates of family members or yourself or your favorite sport are a not a good idea.
  • Change your password regularly – especially when it comes to your email and online banking/online payment accounts.
  • Don’t write down your passwords and never ever share them.

If you have trouble coming up with a good, strong, and complex enough password, try our Password Manager. It not only helps to create your password but also remembers it, keeps it safe, and auto fills it into web forms. So take a look at it – it’s there to help you and make your online life easier!

What are your password tips?

This post is also available in: GermanFrenchItalian

PR & Social Media Manager @ Avira |Gamer. Geek. Tech addict.