Each December for the past seven years, security applications and service provider, SplashData, has published a list of the most frequently hacked passwords of the last year. The results are depressingly predictable – year after year millions of us rely on simple word and number patterns, our birthdays, partner’s names, and, of course, “password” to keep our online accounts secure.
SplashData created the list using over 5 million hijacked passwords that were made public over the past 12 months, excluding those stolen from adult websites and any swiped during the Yahoo hack (which involved some 3 billion accounts). The majority came from users in North America and Western Europe.
While many on the list are fairly standard (“123123”, “Password”, “admin” etcetera), there were a couple of unexpected entries, including “monkey” and “whatever”. Others were a little more topical – a very cynical (and entirely appropriate) "trustno1" snuck in at number 25 this year.
The list does have a serious purpose, though. The team at SplashData hope this list will make people think a little more about safety online and encourage users to take active steps to keep their digital data secure against hackers.
“Unfortunately, while the newest episode may be a fantastic addition to the Star Wars franchise, ‘starwars’ is a dangerous password to use,” Morgan Slain, CEO of SplashData, explained in a press release.
“Hackers are using common terms from pop culture and sports to break into accounts online because they know many people are using those easy-to-remember words.”
“Football” and “dragons” (a likely reference to Game of Thrones) also made the list.
Here’s the top 25:
- 1. 123456 (unchanged... for the fourth year in a row)
- 2. Password (unchanged)
- 3. 12345678 (up 1 from last year)
- 4. qwerty (up 2 from last year)
- 5. 12345 (down 2 from last year)
- 6. 123456789 (new)
- 7. letmein (new)
- 8. 1234567 (unchanged)
- 9. football (down 4 from last year)
- 10. iloveyou (new)
- 11. admin (up 4 from last year)
- 12. welcome (unchanged)
- 13. monkey (new)
- 14. login (down 3)
- 15. abc123 (down 1)
- 16. starwars (new)
- 17. 123123 (new)
- 18. dragon (up 1 from last year)
- 19. passw0rd (down 1 from last year)
- 20. master (up 1 from last year)
- 21. hello (new)
- 22. freedom (new)
- 23. whatever (new)
- 24. qazwsx (new)
- 25. trustno1 (new)
- Obviously, if any of the logins above seem vaguely familiar, it may be time to switch up your passwords. Experts suggest stringing four simple but random words together. Length is key to making your password hack-proof – “correct horse battery staple”, for example, would take computer hackers 500 years to crack, plus it’s far easier to remember than a meaningless jumble of characters.