Imagine locking your front door with a strip of tape. Not even duct tape, mind you, but Scotch tape or an easily tearable strip of masking tape. That would be pretty foolish, right? We don't know of anyone who does that, but astonishingly, the most commonly used passwords to protect online accounts are just as weak. Security outfit SplashData compiled a list of the 25 most prevalent passwords of 2017, and topping the list is "123456."
That one has been a go-to password for several years now. One of the newer entries, however, is "starwars," which isn't all that surprising given the buzz around the Star Wars franchise and the release of The Last Jedi.
"Unfortunately, while the newest episode may be a fantastic addition to the Star Wars franchise, ‘starwars’ is a dangerous password to use," said Morgan Slain, CEO of SplashData, Inc. "Hackers are using common terms from pop culture and sports to break into accounts online because they know many people are using those easy-to-remember words."
By its very nature, the list of commonly used passwords also represents the dumbest ones—there's not much security involved in using a password that many others are using as well. We suspect many of these come down to laziness when creating a throwaway account for a website that requires a username and password, as opposed to locking down banking accounts with these passwords. At the same time, you know there have to be a few people out there who are actually using these passwords to protect important accounts.
Here is a look at some other new entries to the list:
- 123456789 (No. 6)
- letmein (No. 7)
- iloveyou (No. 10)
- monkey (No. 13)
- 123123 (No. 17)
- hello (No. 21)
- freedom (No. 22)
- whatever (No. 23)
- qazwsx (No. 24)
- trustno1 (No. 25)
"Hackers know your tricks, and merely tweaking an easily guessable password does not make it secure," Slain added. "Our hope is that our Worst Passwords of the Year list will cause people to take steps to protect themselves online."
Using a password manager is one alternative, though password managers come with their own risks, such as hacking. According to an updated guideline by the National Institute of Standards and Technology, the best practice is to use a strong password, and only change it if you have a good reason to, such as a security breach.