'Password' Still a Common Password in 2017

A security company has released its list of the worst passwords of 2017. As always with this annual survey, it tells us more about culture than security practices.

The list comes from SplashData, which compiles the rankings based on how many times particular passwords appears in leaked lists of user databases (mainly among English language users). The survey this year totaled more than five million passwords, though it's worth noting the company deliberately excluded leaks of passwords from adult sites. (Source: cnet.com)

The most common are hardly any surprise with "123456" beating out "password" to the top of the list. New entrants include "123456789" and "letmein" in the top 10, while "starwars" led the cultural references at number 16.

Qazwsx Unleashed On World

Another first-time appearance came for "qazwsx", which may sound random but is actually what you get if you go down the two left-most columns of letters on a keyboard. There was also a debut for "whatever", suggesting users are getting tired of creating passwords.

The big problem with the list, as every year, is that it doesn't give us any insight about the overall level of password security. Readers are supposed to be shocked to see such obvious passwords at the top of the list, but by definition that's always going to be the case: the passwords that are used most commonly will always be ones that are predictable and unoriginal.

One In Ten People Use A Common Password

SplashData estimates three percent of people have used "123456" while ten percent of people have used one of the 25 most common passwords. One note of caution is that some of the leaked passwords may have been used by people who simply wanted quick access to a particular service - such as registering for a free download - and didn't intend to ever use that login again. (Source: usatoday.com)

Examples such as these are important, as hackers (and even bots) trying to breach a system will usually try common passwords first before going on to use a dictionary of 'real' words and only after that trying random strings of characters.

What's Your Opinion?

Are you surprised so many people use obvious passwords? How can tech firms balance convenience and security when it comes to passwords? Do you use any systems or tools to make it easier to use more secure passwords?