'Football' And 'Hello' Among Worst Offenders In Annual Worst Passwords List

Is yours on there? If so, have a word.

Cyber security is an ever-growing issue and 2017 has seen a string of data breaches as hackers seize our personal information. 

With that in mind, it is hard to believe that anyone in this day and age would use the word 'password' as their password, and yet the annual Word Passwords of the Year list from SplashData has confirmed people really are that stupid. 

Their list ranked the worst 25 passwords for putting users at risk, and while some offenders have lingered from past liststhe number one entry of "123456" is unmoved from last yearthere's been a new addition of "starwars" at number 16. 

“Unfortunately, while the newest episode may be a fantastic addition to the Star Wars franchise, ‘starwars’ is a dangerous password to use,” explains Morgan Slain, the droll CEO of SplashData, Inc. 

“Hackers are using common terms from pop culture and sports to break into accounts online because they know many people are using those easy-to-remember words.” 

Here's their top 25 Worst Passwords of 2017: 

1 - 123456 (rank unchanged since 2016 list) 

2 - password (unchanged) 

3 - 12345678 (up 1)

4 - qwerty (Up 2) 

5 - 12345 (Down 2) 

6 - 123456789 (New) 

7 - letmein (New) 

8 - 1234567 (Unchanged) 

9 - football (Down 4) 

10 - iloveyou (New) 

11 - admin (Up 4) 

12 - welcome (Unchanged) 

13 - monkey (New) 

14 - login (Down 3) 

15 - abc123 (Down 1) 

16 - starwars (New) 

17 - 123123 (New) 

18 - dragon (Up 1) 

19 - passw0rd (Down 1)

20 - master (Up 1) 

21 - hello (New) 

22 - freedom (New) 

23 - whatever (New) 

24 - qazwsx (New) 

25 - trustno1 (New) 

And if you're one of the near 10 percent of people SplashData estimate have used one of these passwords on the list, fear not, they have some security advice for you. 


1. Use passphrases of 12 characters or more with mixed types of characters including upper and lower cases. 

2. Use a different password for each of your website logins. If a hacker gets your password they will try it to access other sites. 

3. Protect your assets and personal identity by using a password manager to organize passwords, generate secure random passwords, and automatically log into websites. 

And don't be stupid.

This story originally appeared on Esquire.co.uk. Minor edits have been made by the Esquiremag.ph editors.

watch now
View More Articles About:
More Videos You Can Watch
About The Author
Esquire UK Editors
View Other Articles From Esquire
Latest Feed
Load More Articles
Connect With Us