SplashData has published its annual list of the worst passwords of the year using data from more than 5 million passwords that were leaked by hackers. SplashData also commented on the number of well known breaches that have occurred within the last year (or 2).
Despite an increasing number of attacks, everyday users continue to use easy to defeat passwords to gain access to their accounts.
Table of Contents
Most Common Passwords of 2017 by SplashData
The numbers in parentheses denote the position change in the password list. New refers to a new position on the list, 0 refers to the same position (unchanged), positive numbers mean the entry has gone up, and finally, a negative number means the entry went down the list.
- 123456 (0)
- Password (0)
- 12345678 (1)
- qwerty (2)
- 12345 (-2)
- 123456789 (New)
- letmein (New)
- 1234567 (0)
- football (-4)
- iloveyou (New)
- admin (4)
- welcome (0)
- monkey (New)
- login (-3)
- abc123 (-1)
- starwars (New)
- 123123 (New)
- dragon (1)
- passw0rd (-1)
- master (1)
- hello (New)
- freedom (New)
- whatever (New)
- qazwsx (New)
- trustno1 (New)
Comparison of the Most Common Passwords from 2011 to 2017 by SplashData
Since 2011, SplashData has published a list of the 25 most common passwords each year. The list is based on data examined from millions of passwords leaked in data breaches, mostly in North America and Western Europe, year over year.
| Rank | 2017 | 2016 | 2015 | 2014 | 2013 | 2012 | 2011 |
|---|---|---|---|---|---|---|---|
| 1 | 123456 | 123456 | 123456 | 123456 | 123456 | password | password |
| 2 | password | password | password | password | password | 123456 | 123456 |
| 3 | 12345678 | 12345 | 12345678 | 12345 | 12345678 | 12345678 | 12345678 |
| 4 | qwerty | 12345678 | qwerty | 12345678 | qwerty | abc123 | qwerty |
| 5 | 12345 | football | 12345 | qwerty | abc123 | qwerty | abc123 |
| 6 | 123456789 | qwerty | 123456789 | 123456789 | 123456789 | monkey | monkey |
| 7 | letmein | 1234567890 | football | 1234 | 111111 | letmein | 1234567 |
| 8 | 1234567 | 1234567 | 1234 | baseball | 1234567 | dragon | letmein |
| 9 | football | princess | 1234567 | dragon | iloveyou | 111111 | trustno1 |
| 10 | iloveyou | 1234 | baseball | football | adobe123 | baseball | dragon |
| 11 | admin | login | welcome | 1234567 | 123123 | iloveyou | baseball |
| 12 | welcome | welcome | 1234567890 | monkey | admin | trustno1 | 111111 |
| 13 | monkey | solo | abc123 | letmein | 1234567890 | 1234567 | iloveyou |
| 14 | login | abc123 | 111111 | abc123 | letmein | sunshine | master |
| 15 | abc123 | admin | 1qaz2wsx | 111111 | photoshop | master | sunshine |
| 16 | starwars | 121212 | dragon | mustang | 1234 | 123123 | ashley |
| 17 | 123123 | flower | master | access | monkey | welcome | bailey |
| 18 | dragon | passw0rd | monkey | shadow | shadow | shadow | passw0rd |
| 19 | passw0rd | dragon | letmein | master | sunshine | ashley | shadow |
| 20 | master | sunshine | login | michael | 12345 | football | 123123 |
| 21 | hello | master | princess | superman | password1 | jesus | 654321 |
| 22 | freedom | hottie | qwertyuiop | 696969 | princess | michael | superman |
| 23 | whatever | loveme | solo | 123123 | azerty | ninja | qazwsx |
| 24 | qazwsx | zaq1zaq1 | passw0rd | batman | trustno1 | mustang | michael |
| 25 | trustno1 | password1 | starwars | trustno1 | 0 | password1 | Football |
| Rank | 2017 | 2016 | 2015 | 2014 | 2013 | 2012 | 2011 |
Most Common Passwords of 2017 Observations
We learned there are more Star Wars fans out there now, but as we move along, we have learned that the changes aren’t really that different. Behaviors are still the same. Everyone should know by now of the increasing number of hacking attempts and successful breaches.
“Unfortunately, while the newest episode may be a fantastic addition to the Star Wars franchise, ‘starwars’ is a dangerous password to use. Hackers are using common terms from pop culture and sports to break into accounts online because they know how many people are using those easy-to-remember words.”
Morgan Slain, SplashData CEO
As more breaches are revealed in the news, it gives us more opportunities to review best practices. You should create complex passwords, use a different password on every website, and use at least two-factor authentication.
Even with all that advice that “everyone knows,” the most common password for 2017 is “123456,” followed closely by “password.” You may have recognized these from the previous year. Variations of these two “worst passwords” also represent at least 6 of the remaining passwords on this year’s list.
SplashData estimates almost 10% of people have used at least one of the 25 worst passwords on this year’s list, and nearly 3% of people have used the worst password, “123456.”
Additional Sources:
- The 25 Most Popular Passwords of 2017: You Sweet, Misguided Fools by Gizmodo
- The 25 Most-Used Passwords of 2017 Includes ‘Star Wars’ by Fortune
To compare against last year’s passwords, check out our previous Most Common Passwords of 2016 post.