2017 was a big year for data security (not in a good way). There were a number of well-publicized attacks that left us exposed: Equifax, SEC, Yahoo and Uber, to name a few. After each breach, you may have read the countless “How to” and “Top 10” articles about how to protect yourself. A common recommendation was to use a password manager. While we still think it’s valuable advice, we want to make sure that none of these passwords are currently sitting in your secured app.
SplashData, a company that creates applications for password management and security, has published its annual Top 100 Worst Passwords list. Their analysis is based on five million leaked passwords across North America and Western Europe.
These were among the top 25 passwords:
The primary purpose of a password manager is to store all of your passwords safely in one place, making it easier to use hard-to-remember passwords that differ across all of your accounts. The information that SplashData compiled proves that we still have a lot of room for improvement. They estimate that almost 10% of people have used at least one of the 25 worst passwords on last year’s list, and nearly 3% of people have used the worst password, 123456.
Although it’s easy to remember a password such as “starwars,” it’s risky because everyone knows about Star Wars (if you don’t, I suggest you ask Google). The key to a strong password is its length and uniqueness. An example is a long, meaningless string of letters, numbers and punctuation. In addition, don’t forget to use dual-factor authentication where possible and regularly check where account activity originates.
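An added example, not part of the original article: one way to check a password manager's CSV export for passwords on the worst-passwords list, short passwords, and reuse across accounts. The column names, the 12-character minimum and the sample export are assumptions; the denylist holds only the two passwords the article names.

```python
import csv
import io
from collections import defaultdict

# Only the two passwords the article names; extend with the full published list.
WORST_PASSWORDS = {"123456", "starwars"}
MIN_LENGTH = 12  # assumed threshold, not taken from the article

# Constructed sample export; real password managers use their own column names.
SAMPLE_EXPORT = """name,username,password
bank,alice,123456
forum,alice,StarWars
mail,alice,k7#Vq!2mZp@9xLw4
shop,alice,k7#Vq!2mZp@9xLw4
news,alice,Tr0ub4dor
"""

def audit_vault(csv_text, worst=WORST_PASSWORDS, min_length=MIN_LENGTH):
    """Return {entry name: list of findings} for entries with problems."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    # Group entry names by password to detect reuse across accounts.
    by_password = defaultdict(list)
    for row in rows:
        by_password[row["password"]].append(row["name"])
    findings = {}
    for row in rows:
        pw, issues = row["password"], []
        # Case-insensitive match: "StarWars" is no harder to guess than "starwars".
        if pw.lower() in worst:
            issues.append("on worst-passwords list")
        if len(pw) < min_length:
            issues.append("shorter than %d characters" % min_length)
        if len(by_password[pw]) > 1:
            others = [n for n in by_password[pw] if n != row["name"]]
            issues.append("reused by: " + ", ".join(others))
        if issues:
            findings[row["name"]] = issues
    return findings

if __name__ == "__main__":
    for name, issues in audit_vault(SAMPLE_EXPORT).items():
        # Report entry names and findings only; never print the passwords.
        print(name + ": " + "; ".join(issues))
```

Run it against a local export only, and delete the export file afterwards, since it holds every password in plain text.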
Hackers will continue to attack vulnerable systems this year. Many companies are getting smarter about protecting their customers’ data, but unfortunately, hackers are silently improving their methods as well. To best protect yourself, focus on what you can control: make your passwords hard to remember or, alternatively, easy to remember but hard to guess.