While having “123456” as your password is quite bad, the other passwords found on a list of the Top 100 Worst Passwords of 2017 are just as distressing and regrettable.
The list was put together by SplashData, a company that provides several password management services such as TeamsID and Gpass. The company said it compiled the list by analyzing over five million user credentials that were leaked online in 2017 and that also included password information.
“Use of any of the phrases on this list would put users at grave risk for identity theft,” said a SplashData spokesperson in a news release that came with a two-page PDF document containing a list of the most commonly encountered passwords.
This is because criminals use these same leaked records to build similar lists of leaked passwords, which they then assemble into “dictionaries” for carrying out brute-force attacks against accounts.
Attackers will use the leaked terms, but they’ll also create common variations on these words using simple algorithms. This means that by adding “1” or any other character combination at the start or end of basic terms, users aren’t enhancing the security of their password.
Advising users on the best password policies is a doctoral thesis in its own right, but for the time being, users should look into using unique passwords per account, possibly employing a password manager, using complex passwords, and above all, staying away from the terms below.
1 – 123456 (rank unchanged since 2016 list)
2 – password (Unchanged)
3 – 12345678 (Up 1)
4 – qwerty (Up 2)
5 – 12345 (Down 2)
6 – 123456789 (New)
7 – letmein (New)
8 – 1234567 (Unchanged)
9 – football (Down 4)
10 – iloveyou (New)
11 – admin (Up 4)
12 – welcome (Unchanged)
13 – monkey (New)
14 – login (Down 3)
15 – abc123 (Down 1)
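
The point about simple variations can be enforced at sign-up. The following is an added example, not part of the original article or SplashData's material: a check that rejects a candidate password if removing up to four non-letter characters from either end, or undoing common character swaps, leaves one of the 15 terms listed above. The function name `weak_base`, the affix limit and the substitution table are assumptions made for illustration.

```python
# Denylist check that also catches trivial variations of listed passwords.
# COMMON holds the 15 terms shown in the list above.
COMMON = {
    "123456", "password", "12345678", "qwerty", "12345", "123456789",
    "letmein", "1234567", "football", "iloveyou", "admin", "welcome",
    "monkey", "login", "abc123",
}

# Assumed table of common character swaps (not taken from the article).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def weak_base(candidate, max_affix=4):
    """Return the listed term the candidate is built on, or None.

    Tries every split where up to max_affix digits or symbols are removed
    from the start and from the end, then compares the remaining core to
    the denylist both as typed and with character swaps undone.
    """
    s = candidate.lower()
    n = len(s)
    for i in range(min(max_affix, n) + 1):
        if i and s[i - 1].isalpha():
            break  # a prefix may only consist of digits or symbols
        for j in range(max_affix + 1):
            if j and (i + j > n or s[n - j].isalpha()):
                break  # a suffix may only consist of digits or symbols
            core = s[i:n - j]
            for form in (core, core.translate(LEET)):
                if form in COMMON:
                    return form
    return None


if __name__ == "__main__":
    # Constructed sample inputs for demonstration.
    for pw in ["password1", "P@ssw0rd!", "1football", "Monkey2017",
               "123456", "v7#Kq9!mZx2p"]:
        base = weak_base(pw)
        verdict = f"reject (variation of '{base}')" if base else "not on list"
        print(f"{pw!r}: {verdict}")
```

A `None` result only means the candidate is not a trivial variation of these 15 terms; it says nothing about the password's overall strength.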