x
Breaking News
More () »

These were the worst passwords of 2017

Avoiding 'password' as your password is a no-brainer...but some of 2017's 'worst passwords' may surprise you.
Credit: Thinkstock

Strong passwords, these were not.

With Star Wars: The Last Jedi now in theaters, "starwars" made its debut among the worst passwords used in 2017, according to security company SplashData.

The password "starwars" entered their list in the 16th spot, ahead of passwords including "passw0rd" and "hello."

"Hackers are using common terms from pop culture and sports to break into accounts online because they know many people are using those easy-to-remember words," said Morgan Slain, CEO of SplashData, in a statement.

SplashData said in a statement Tuesday the list is based on more than five million passwords leaked during the year.

Once again, "123456" is the worst password of the year, followed by "password." New entrants into SplashData's list include "123456789" (No. 6) and "letmein" (No. 7).

The company estimates nearly 3% of people used the worst password on the list, while almost 10% have used at least one of the top 25.

The top 25 worst passwords of 2017:

1. 123456

2. password

3. 12345678

4. qwerty

5. 12345

6. 123456789

7. letmein

8. 1234567

9. football

10. iloveyou

11. admin

12. welcome

13. monkey

14. login

15. abc123

16. starwars

17. 123123

18. dragon

19. passw0rd

20. master

21. hello

22. freedom

23. whatever

24. qazqsx

25. trustno1

To keep accounts secure, users can follow these tips:

Think passphrase, not password. Originally, experts suggested thinking of a super complex password with a variety of numbers, uppercase and lowercase letters, and symbols. The problem is they're way too tough to remember. Instead, consider a phrase for your password, then tweak it with numbers or symbols you can more easily recall.

Use two-factor authentication. Most big websites offer an additional layer to the login process, where you can request a text message with numeric code or confirmation through an authenticator app to verify your identity.

Make passwords unique. Use a different password for every website. According to SplashData, if hackers get a password for one set of credentials, they will try them across other services.

Consider password managers. If you have a lot of logins to manage, password managers such as Dashlane and LastPass offer automatically generated passwords for the sites you use. The user will have one master password they need to remember to log in to the manager.

Before You Leave, Check This Out