You tell your clients all the time about good password policies. You tell your friends and family. You may be able to rattle off in your sleep “unique, long strings of varied characters with multiple numbers, capitals, and special characters.” But just how many people are heeding the call for better security? Has the public started taking cyber security seriously?
Well, not really—common passwords and password habits are still pretty bad. But there’s still hope. Much like a glacier, there has been some small, measurable movement in the right direction.
SplashData, a password-management application provider, has released another round of their annual “Worst Passwords List,” putting the spotlight on the poor password habits of Internet users. Unbelievably, the most terrible—and most common—passwords remain the same: “123456” and “password.”
Despite all of the warnings and notifications that have attempted to permeate the public consciousness, people are still using these risky and unsafe options, leading to the conclusion that they either don’t know or don’t care about the great risk such weak passwords pose to their data.
The 25 Worst Passwords of 2017
If you use any of the following passwords, please—PLEASE—go change them now.
25. trustno1 (new)
24. qazwsx (new)
23. whatever (new)
22. freedom (new)
21. hello (new)
20. master (up 1)
19. passw0rd (down 1)
18. dragon (up 1)
17. 123123 (new)
16. starwars (new)
15. abc123 (down 1)
14. login (down 3)
13. monkey (new)
12. welcome (unchanged)
11. admin (up 4)
10. iloveyou (new)
9. football (down 4)
8. 1234567 (unchanged)
7. letmein (new)
6. 123456789 (new)
5. 12345 (down 2)
4. qwerty (up 2)
3. 12345678 (up 1)
2. password (unchanged)
1. 123456 (unchanged)
Password Security Trends
This list was compiled from over five million leaked passwords, mainly from North American and Western European users. The passwords were revealed by hacking attacks throughout 2017, though SplashData chose not to include passwords leaked from the Yahoo email breach or from hacks of adult websites. From this list, though, there are some interesting trends to note.
First, it appears that users have begun to create longer passwords, perhaps as a result of new site requirements that specify a minimum length. In doing so, however, users have managed to render these longer passwords just as useless as shorter ones by building them from perfectly predictable patterns, often dictated by a simple swipe of a finger over the keyboard in one direction.
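The pattern problem described above can be caught when a password is set or changed. The following is an added example, not code from SplashData or the original post: it checks a candidate against the 25 entries listed on this page and, going beyond the list, flags keyboard swipes, straight sequences and repeated chunks. The function names, the 0.75 threshold and the sample passwords are assumptions.

```python
# Added example: screen a candidate password at set/change time.
# Deny list = the 25 entries published on this page; function names are hypothetical.
WORST_2017 = {
    "123456", "password", "12345678", "qwerty", "12345", "123456789",
    "letmein", "1234567", "football", "iloveyou", "admin", "welcome",
    "monkey", "login", "abc123", "starwars", "123123", "dragon",
    "passw0rd", "master", "hello", "freedom", "whatever", "qazwsx",
    "trustno1",
}

# Keyboard rows and columns a finger can swipe across, plus plain sequences.
WALKS = [
    "1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm",
    "1qaz", "2wsx", "3edc", "4rfv", "5tgb", "6yhn", "7ujm",
    "abcdefghijklmnopqrstuvwxyz",
]
WALKS += [w[::-1] for w in WALKS]  # same swipe in the other direction


def walk_coverage(pw: str, min_run: int = 3) -> float:
    """Fraction of characters that sit inside a run of >= min_run walk keys."""
    pw = pw.lower()
    covered = [False] * len(pw)
    for i in range(len(pw)):
        for j in range(len(pw), i + min_run - 1, -1):  # longest run first
            if any(pw[i:j] in w for w in WALKS):
                covered[i:j] = [True] * (j - i)
                break
    return sum(covered) / len(pw) if pw else 0.0


def is_repeated_chunk(pw: str) -> bool:
    """True for strings such as 123123 or abcabcabc (one chunk repeated)."""
    return len(pw) > 1 and pw in (pw + pw)[1:-1]


def screen(pw: str) -> list[str]:
    """Return the reasons to reject pw; an empty list means no rule fired."""
    reasons = []
    if pw.lower() in WORST_2017:
        reasons.append("on the 2017 worst-passwords list")
    if walk_coverage(pw) >= 0.75:  # assumed threshold: mostly walk characters
        reasons.append("keyboard walk or simple sequence")
    if is_repeated_chunk(pw):
        reasons.append("single chunk repeated")
    return reasons
```

A ten-character string such as `qwerty1234` passes a length rule and is not on the list, yet `screen` rejects it as a keyboard walk, which is the case a length requirement alone misses.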
Next, it seems as though movie buffs are among those bad-password creators. The rise of Star Wars passwords coincides with the big movie openings from the franchise, most recently The Last Jedi in 2017. Looks like The Force isn't as strong with these poor passwords.
The list above is a catalog of some of the all-time worst password security habits. Using these types of short, searchable, identifiable and specific words as passwords puts the user at far greater risk. Hackers use algorithms to plug in these words as easily as turning a key—all they need is the opportunity. To put this into perspective, I think this picture sums it up quite perfectly:
By now, you're probably looking for ways to help potential or existing clients increase their password and overall IT security this year. The following posts will definitely be of assistance:
- Important Tips for Improving Password Security
- 5 Ways to Increase Cybersecurity Preparedness in 2018
- The Basics of Cyber Security Training for End-Users