Alright pals, it’s time for another roundup review of the most common passwords. Looking back at 2017, there were tons of services that got hacked, from Equifax to Yahoo. While some breaches can leave everyone blindsided with the skill behind the attacks, other hacks are easily avoided by not having a dumb password.
Like, for real, if your password is still “password,” no one will send you a sympathy card when your online life gets wrecked.
And if you’re still rocking “123456,” do yourself a favor and log off from everything forever.
Security firm SplashData released a compilation of the top 100 “Worst Passwords of 2017” (#34 is pretty neat). They crafted the list from an analysis of five million leaked online user records from the past year.
While the list is hilarious, it should be taken with a grain of salt. There are roughly 3.2 billion people online, and it’s likely each person has more than one account that requires login credentials. Regardless, here are the 25 worst offenders:
- 123456
- password
- 12345678
- qwerty
- 12345
- 123456789
- letmein
- 1234567
- football
- iloveyou
- admin
- welcome
- monkey
- login
- abc123
- starwars
- 123123
- dragon
- passw0rd
- master
- hello
- freedom
- whatever
- qazwsd
- trustno1
If we pretended like each person only has one account, a leaked list of five million doesn’t even make up one percent of all passwords online. Plus, the internet is now rife with bots, who aren’t included in that 3.2 billion headcount.
Sometimes programmers use easy to remember passwords for bots that make it in to the hall of shame, like “qwerty” or “12341234.” Plus, many databases require a password to look at passwords, so hopefully those didn’t leak onto the list.
Even with this in mind, there are still plenty of actual people using tragically simple passwords featured in SplashData’s list.
My personal favorites include “trustno1” and newcomer to the list, “starwars.” Plenty of common first names like Daniel, Amanda, and Matthew made it on the list as well.
Some very ambitious people opted for wishful thinking in using luxury car brands like Ferrari, Mercedes, and Corvette as their passwords. Other notable mentions include “letmein” and inexplicably, “cheese” and “killer.”
Here’s the thing: you’re probably going to get hacked at some point. If you’re lucky, it will just be some throwaway email account you use for special offers.
Protect yourself by regularly changing your passwords, and using unique passwords for each account you have. You can use generators to create strong passwords, and keep track of them all using a secure password manager services.
Additionally, if two-factor authentication is available through whatever service you’re using that requires login credentials, take them up on that additional protection.
Ultimately though, if the service you’re using isn’t properly encrypting and hashing personally-identifying information, a strong password won’t help.
Oh and also because the internet is full of equal amounts of good and bad, there is the constant presence of persistent hackers who will relentlessly use phishing attempts and large-scale hacks to derail databases. Secure passwords won’t help either.
Basically we’re always open for hacking attempts, and nothing at the moment can really stop them. However, after having my bike seat and accessories stolen numerous times, I learned a nice philosophy that can apply to all sorts of things.
You can’t stop someone from trying to steal your stuff, but if you make it difficult enough they may give up. Do whatever you can to secure your passwords, but recognize that ultimately there aren’t that many great protections in place.
