
It was Déjà vu all over again when it came to bad passwords in 2017

The worst password of 2016 remains the number one worst password of 2017 as “123456” tops the list of the most commonly chosen passwords spotted in data leaks.

SplashData researchers found that several versions of the “1234” sequence were among the top 30 most used passwords in an examination of more than five million passwords leaked by hackers in 2017, according to a recent report.

Other bad passwords that haven't gone out of mass use included “qwerty,” “letmein,” “admin,” “welcome,” and “login.”

“Attackers will use the leaked terms, but they'll also create common variations on these words using simple algorithms,” KnowBe4 CEO Stu Sjouwerman said in a Dec. 26 blog post. “This means that by adding ‘1’ or any other character combinations at the start or end of basic terms, users aren't improving the security of their password.”

Researchers said that while more than five million passwords were leaked, the findings still give good insight into the poor decisions users are making when securing their online accounts.

To help combat poor password use, website admins should ensure they offer two-factor authentication to prevent account compromise in the event that users' credentials fall into the wrong hands, and users should opt into the option whenever it is available. In addition, researchers called for more sites to block the use of simple and easy to use passwords, or at least warn users that they may be using potentially weak passwords.
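The kind of check the researchers call for, shown as an added example (not code from SplashData, KnowBe4 or SC Media): a signup-time blocklist test that also undoes the simple variations Sjouwerman describes, such as characters added at the start or end. The blocklist holds only passwords named in this article; the function name and the look-alike substitution table are assumptions.

```python
import re

# Blocklist limited to passwords named in this article; a production
# list would be far larger (assumption: loaded from a breach corpus).
BLOCKLIST = {
    "123456", "qwerty", "letmein", "admin", "welcome", "login",
    "football", "baseball", "soccer", "hockey", "lakers", "jordan23",
    "golfer", "rangers", "yankees", "mercedes", "corvette", "ferrari",
    "harley", "iloveyou", "whatever", "blahblah",
}

# Assumed, illustrative look-alike substitutions (not from the article):
# 0->o, 1->l, 3->e, 4->a, 5->s, 7->t, @->a, $->s
LEET = str.maketrans("013457@$", "oleastas")

LEAD = re.compile(r"^[\W\d_]+")   # digits/symbols added at the start
TRAIL = re.compile(r"[\W\d_]+$")  # digits/symbols added at the end


def find_blocked_base(password):
    """Return the blocklisted term this password reduces to, or None."""
    lowered = password.lower()
    # Each shape removes one kind of padding a guessing tool would add back.
    shapes = [
        lowered,
        LEAD.sub("", lowered),
        TRAIL.sub("", lowered),
        TRAIL.sub("", LEAD.sub("", lowered)),
    ]
    for shape in shapes:
        # Try the shape as typed, then with look-alike characters undone.
        for form in (shape, shape.translate(LEET)):
            if form in BLOCKLIST:
                return form
    return None


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any leak.
    samples = ["123456", "1qwerty", "Letmein!", "w3lc0me1", "@dmin1",
               "Yankees2017", "tidal-Maple-42-forge"]
    for pw in samples:
        hit = find_blocked_base(pw)
        verdict = f"reject (variation of {hit!r})" if hit else "not on blocklist"
        print(f"{pw!r}: {verdict}")
```

Passing this check only means the password is not a trivial variation of a listed term; it does not measure strength.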

“Passwords like these are not only easily guessable, they're already in the password-cracking databases of any hacker worth his or her salt, alongside millions of other popular choices and dictionary words,” independent researcher Graham Cluley said in an ESET blog post. “If you, or someone you know, is using any of the passwords above online then you need to take a long hard look at yourself in the mirror.”

Other passwords found among the top 100 worst passwords were an extensive collection of sports terms such as football, baseball, soccer, hockey, Lakers, jordan23, golfer, Rangers and Yankees; car brands including Mercedes, Corvette, Ferrari and Harley; and various expressions such as iloveyou, letmein, whatever and blahblah.
