If your go-to password for your computer and online accounts is “123456,” congratulations, you just won the award for the worst password of 2017 – and most likely to get hacked.
In their annual list of the 100 worst passwords of the year, tech company SplashData not only found some old simple favourites but some passwords that drew on pop culture for inspiration, as well as people’s names and even some profanities.
READ MORE: 1 in 5 adults secretly access Facebook accounts that aren’t theirs: study
“Hackers know your tricks, and merely tweaking an easily guessable password does not make it secure,” Morgan Slain, CEO of SplashData, said in a statement. “Our hope is that our Worst Passwords of the Year list will cause people to take steps to protect themselves online.”
So which passwords made the list? Here are the top 10:
- 123456 (rank unchanged since the 2016 list)
- password (rank unchanged)
- 12345678 (up one spot)
- qwerty (up two spots)
- 12345 (down two spots)
- 123456789 (new)
- letmein (new)
- 1234567 (unchanged)
- football (down four spots)
- iloveyou (new)
But perhaps most notably is the induction of the password “starwars,” inspired by The Last Jedi, the latest instalment of the Star Wars franchise, which sits as the 16th most-used worst password, Slain said.
“Unfortunately, while the newest episode may be a fantastic addition to the Star Wars franchise, ‘starwars’ is a dangerous password to use,” he said. “Hackers are using common terms from pop culture and sports to break into accounts online because they know many people are using those easy-to-remember words.”
People’s names are also very popular, the list reveals. Among them are “harley” (#28 on the list), “robert” (#31), “matthew” (#32) and “Jordan” (#33), and more.
On the cheekier side of things, some have even used obscenities as their password, for example “a**hole” (#34) and “f**kyou” (#52).
Sports also dominate password choices, with “football” leading the way, followed by “lakers” (#37) and “hockey” (#78).
LISTEN: How SplashData assembled its list of the worst passwords of 2017
READ MORE: New cybersecurity rules coming this winter amid year of massive hacks: Ralph Goodale
New passwords to appear on this year’s list include “letmein,” “monkey,” hello,” “freedom,” “whatever,” and “trustno1.”
According to SplashData’s estimate, almost 10 per cent of people have used at least one of the 25 worst passwords on this year’s list, and nearly three per cent have used the worst password “123456.”
To protect yourself from getting hacked and from identity theft, SplashData offers a few tips to keep online users safe.
First, use passphrases of 12 characters or more with mixed types of characters including upper and lower cases.
Next, use a different password for each of your website logins. If a hacker gets your password they will try to access your other accounts.
Lastly, protect your assets and personal identity by using a password change manager to organize passwords, generate secure random passwords and automatically log into websites.
To see the full list of worst passwords, click here.