The 25 Most Common Passwords of 2017

This year’s worst passwords include the famous “123456” and “password” along with new additions like “starwars” and “trustno1.”
Kashyap Vyas
The photo credit line may appear like thisPsyomjesus/Wikimedia Commons

The password solutions company SplashData compiled a list of most common passwords based on data of five million passwords that were leaked by hackers in 2017. While we all know the popular ones “123456” and “password” which tops the list, there are few new additions this year. The list includes “starwars” (16th), “iloveyou” (10th), “monkey” (13th) and “letmein” (7th) along with other variations of “12345” and “password”. The passwords evaluated for the list are predominantly from users in North America and Western Europe and does not include data from the infamous Yahoo hack.


But what is more visible from the list is that despite some of the major data leaks, people have continued to use passwords that are easy to guess. SplashData estimates that about 10% of people have used at least one of the 25 worst passwords on this year’s list, and nearly 3% of people have used ‘123456’, which is the worst password. The company hopes that the list will motivate people to take safety precautions while performing any online activity.

 “Unfortunately, while the newest episode may be a fantastic addition to the Star Wars franchise, ‘starwars’ is a dangerous password to use,” said SplashData CEO Morgan Slain. “Hackers are using common terms from pop culture and sports to break into accounts online because they know many people are using those easy-to-remember words.”

Here’s a list of top 25 common passwords from the list. Make sure yours is not on the list.

  1. 123456 (Unchanged)
  2. Password (Unchanged)
  3. 12345678 (Up 1)
  4. qwerty (Up 2)
  5. 12345 (Down 2)
  6. 123456789 (New)
  7. letmein (New)
  8. 1234567 (Unchanged)
  9. football (Down 4)
  10. iloveyou (New)
  11. admin (Up 4)
  12. welcome (Unchanged)
  13. monkey (New)
  14. login (Down 3)
  15. abc123 (Down 1)
  16. starwars (New)
  17. 123123 (New)
  18. dragon (Up 1)
  19. passw0rd (Down 1)
  20. master (Up 1)
  21. hello (New)
  22. freedom (New)
  23. whatever (New)
  24. qazwsx (New)
  25. trustno1 (New)

See all 100 worst and most common passwords of 2017 here.

Tips to Create A Strong Password

With few simple steps, you can create a strong password and easily protect your identity and business transactions on the web. Here are few important tips that can help you create a strong password.

1. Create a password that is not less than eight characters

Having a long password is often the best strategy to make it difficult for the hackers or algorithms to crack it. A long string of characters will make it challenging to guess the password for most programs that use a random combination of characters.

2. Avoid using a common phrase, your name, nickname or address

Many passwords in the list include common words, which are easily hackable using dictionary attacks. Other information such as your name, your pet’s name, DOB and street address might be easy for you to remember but is a piece of cake for hackers to crack your password. Best advice, don’t use them!

3. Use a mix of alphanumeric characters and numbers

One of the best ways to create a strong password is to use a mix of case-sensitive alphanumeric characters along with symbols. While it may be difficult to remember, there’s one easy way you can remember it. To create a password that is strong and yet easy to remember, use acronyms. Replace letters with their corresponding uppercase and similar special characters. For example, never mind can be converted to “N3v$rM1^d”.

4. Abbreviate a sentence

Come up with a sentence and pick the first or last letter of each word to form a password. Mix it with special characters to make it even stronger. For example, I ate all the chocolates and candies! Considering the last letter of each word, the password becomes – [email protected]&!

5. Do not use the same password twice

Never make the mistake of using the same password for all your online accounts. Even if one of the online service gets hacked, it becomes easy for the hackers to access your other accounts as well. Never use weak passwords for services that are less important to you. Chances are that someday you may end up giving important information such as your credit card details, without thinking about securing your account with a strong password.

6. Use two-factor authentication

Although not full-proof, a two-factor authentication actually adds another layer of security to your online account. You can use dedicated authentication apps or enable the code over SMS feature, which most websites offer today. Enabling this functionality might not guarantee 100% security, but is far better than relying on one single password.

7. Do not store passwords in your browser

Storing a password in a browser can be hacked. It happened with Opera last year when hackers managed to access the user sync data such as passwords, login names, and account information.

Already have an account? Log in