Try SiteGuard 'Protect'
and get $30 OFF

No thank you


Click below to activate code.

Use promo code.


What Were the Worst Passwords of 2017?

January 9, 2018

Nick Bell

< Back

We all know someone whose password hasn’t changed for the last ten years, but you’d be surprised at how common unsafe passwords are.

Password management company SplashData put together a list of 2017’s worst passwords by analysing more than five million leaked user records throughout the year.

For the second year in a row, ‘123456’ is at the top of the worst password list. Meanwhile, a new addition joined the list at #16: ‘starwars’.

“Unfortunately, while the newest episode may be a fantastic addition to the Star Wars franchise, ‘starwars’ is a dangerous password to use,” says Morgan Slain, CEO of SplashData Inc., in a statement.

“Hackers are using common terms from pop culture and sports to break into accounts online because they know many people are using those easy-to-remember words.”

Don’t join the dark side by using weak, unsafe passwords.


While many are aware of the risks associated with weak passwords, millions of people continue to use them. Variations of guessable passwords like ‘password’ and ‘123456’ with extra digits make an appearance on the 2017 list.

“Hackers know your tricks, and merely tweaking an easily guessable password does not make it secure,” says Slain. “Our hope is that our Worst Passwords of the Year list will cause people to take steps to protect themselves online.”

SplashData estimates that almost 10% of people have used at least one of the 25 worst passwords on this year’s list, while 3% of people are guilty of using the infamous ‘123456’.


SplashData’s Worst Passwords of 2017

  1. 123456 (rank unchanged since 2016 list)
  2. password (unchanged)
  3. 12345678 (up 1)
  4. qwerty (up 2)
  5. 12345 (down 2)
  6. 123456789 (new)
  7. letmein (new)
  8. 1234567 (unchanged)
  9. football (down 4)
  10. iloveyou (new)
  11. admin (up 4)
  12. welcome (unchanged)
  13. monkey (new)
  14. login (down 3)
  15. abc123 (down 1)
  16. starwars (new)
  17. 123123 (new)
  18. dragon (up 1)
  19. passw0rd (down 1)
  20. master (up 1)
  21. hello (new)
  22. freedom (new)
  23. whatever (new)
  24. qazwsx (new)
  25. trustno1 (new)


SplashData encourages all users to be proactive about their online security by using these three simple tips:

+ Use passwords of twelve or more uppercase and lowercase characters including numbers and symbols.
+ Use different passwords for each website login. If your password is the same for every site, hackers will easily be able to access all of your personal information.
+ Use a password manager to organise passwords, generate secure random passwords and automatically log in to websites.