‘Starwars’ among worst passwords of 2017 in annual list

Gelo Gonzales
Pop culture references may be bad passwords, warns a US password management service provider

MANILA, Philippines – Splashdata, a provider of password management applications, has released the 2017 edition of their annual worst passwords list, which included familiar sights such as “123456”, “password”, and “qwerty”. 

But joining the usual suspects is the pop culture-flavored “starwars”, which got the 16th spot in the worst passwords list compiled from more than 5 million passwords leaked in various hacks this year.

The appearance of “starwars” in the list was obviously fueled by 2017 being a release year for a Star Wars movie, Star Wars: The Last Jedi

The appearance of the said password hints at the fact that people tend to use pop culture references as passwords. The words “lakers”, “ferrari”, “football”, “soccer”, and “jordan23” also make an appearance in the top 100 list. Unfortunately, it may not always be advisable to refer to something you love as a password as they are easy guesses by would-be hackers. 

“Unfortunately, while the newest episode may be a fantastic addition to the Star Wars franchise, ‘starwars’ is a dangerous password to use,” said Morgan Slain, CEO of SplashData.

“Hackers are using common terms from pop culture and sports to break into accounts online because they know many people are using those easy-to-remember words,” Slain warned. 

SplashData also offered other advice to remain safe from hackers, issuing reminders about ways to strengthen passwords, typically the keys to accounts online.

“Use passphrases of twelve characters or more with mixed types of characters including upper and lower cases. Use a different password for each of your website logins. If a hacker gets your password they will try it to access other sites,” the company said in a statement. 

SplashData’s estimates also said that almost 10% of people have used at least one of the 25 worst passwords on this year’s list: 

1 – 123456 (rank unchanged since 2016 list) 
2 – password (unchanged) 
3 – 12345678 (up 1) 
4 – qwerty (Up 2) 
5 – 12345 (Down 2) 
6 – 123456789 (New) 
7 – letmein (New) 
8 – 1234567 (Unchanged) 
9 – football (Down 4) 
10 – iloveyou (New) 
11 – admin (Up 4) 
12 – welcome (Unchanged) 
13 – monkey (New) 
14 – login (Down 3) 
15 – abc123 (Down 1) 
16 – starwars (New) 
17 – 123123 (New) 
18 – dragon (Up 1) 
19 – passw0rd (Down 1) 
20 – master (Up 1) 
21 – hello (New) 
22 – freedom (New) 
23 – whatever (New) 
24 – qazwsx (New) 
25 – trustno1 (New)

Nearly 3% of people have used the worst password, 123456. It goes without saying that these passwords should be avoided. You can check out the full list of worst passwords by clicking on this link.

SplashData said that most of the leaked passwords evaluated for the 2017 list were mostly held by users in North America and Western Europe, and that leaks from hacks of adult sites and from the Yahoo! email breach were not included.

Wherever the data was gathered from, however, the basic premise remains: lazy passwords may make it easier for hackers to break into your account. – Rappler.com

Gelo Gonzales

Gelo Gonzales is Rappler’s technology editor. He covers consumer electronics, social media, emerging tech, and video games.