The 25 Worst Passwords of 2017

For the seventh consecutive year, SplashData announced its annual “Worst Passwords List,” highlighting the insecure password habits of today’s internet users. Once again, “123456” and “password” maintained top positions in the number one and two spots. “football” and “monkey” are more popular now than ever, while newcomers to the penalty box include terms like “whatever,” “master,” “ferrari,” and “iloveyou.”

The 2017 list includes some attempts at longer passwords, such as “1234567890” and “qwerty” (or the top row of your standard keyboard). These longer passwords, however, are so simple that their extra length is “virtually worthless as a security measure,” SplashData notes.

SplashData compiled this year’s data from more than 2 million leaked passwords that were posted online by hackers. Most of the data came from people in North America and Western Europe.

The top 15 passwords were:

  1. 123456
  2. password
  3. 12345678
  4. qwerty
  5. 12345
  6. 123456789
  7. letmein
  8. 1234567
  9. football
  10. iloveyou
  11. admin
  12. welcome
  13. monkey
  14. login
  15. abc123

Click here to view the full list.

As a gatekeeper to some of your firm’s most confidential information, here are some important industry best practices on password security to keep in mind:

  1. Make sure you use different passwords for each of your accounts.
  2. Always log off if you leave your device unattended – it only takes a moment for someone to steal or change your password.
  3. Avoid constructive keyboard combinations – such as qwerty or asdfg.
  4. Don’t use personal information such as your name, age, birth date, child’s name, pet’s name or phone number.
  5. Change your password, at a minimum, every 90 days.
  6. Use at least eight characters of lowercase and uppercase letters, numbers and symbols in your password. The more, the merrier!
  7. Avoid entering your passwords on computers you don’t control.
  8. Be sure no one watches when you enter your passwords
  9. Never give your password to anyone. Without attempting to sound too cynical, a trusted confidant today may not be tomorrow.
  10. Create passwords that are easy to remember but hard for others to guess. For instance, use a phrase such as “I started 7th grade at Lincoln Middle School in 2004” and use the initial of each word like this: “Is7gaLMSi04.”

Needless to say, while long, complex passwords are a nightmare to remember, they are a necessity for protecting yourself and your firm from scrupulous hackers. As financial institutions and organizations continue to seek out new and improved cybersecurity protocols, it is everyone’s responsibility to make sure their accounts, whether personal or professional, remain just that – theirs.

If you are viewing this article as a part of our Cyber Security course, please note that you have left your training portal and are viewing this article as a resource on our corporate website.