End-of-year lists are upon us, and with them, we get a good look at our highs and lows, peaks and valleys. Our most wonderful ideas and our worst actions. And, hoo boy, 2017's worst passwords list shows us how very lazy we can be. I mean, honestly, this list is a collective moment of shame for all the lazy people out there. (Holla.)
Every year, SplashData, a company that creates security applications meant to protect identities and, yes, passwords, puts together a list of the most popular painfully hackable passwords, and this year's list, published in part by The New York Times, is a doozy.
The company's analysis is based on 5 million leaked passwords from the past year, and SplashData stated in a press release that they hope the list will not only be funny, but will teach people to be more careful about how they secure their accounts.
Topping the list this year are "123456" and "password." For the fourth consecutive year. It's really, really hard to imagine a lazier password, except maybe "asdf" or "poop." (A real password one of my old classmates had. Surprisingly, his school account got hacked a few times.)
Then, for the cool (but lazy and security-compromised) people out there, "whatever" was the 23rd worst password this year. Yeah, whatever, I mean, I guess I don't care if my bank or my neopets account is broken into. All my 'pets are starving, anyways.
Then there's "letmein" at number 7, which is new to the list. "123456789" is also new, though it came in at number 6, screaming out of the gates to the finish.
My favorite one may just be number 25, which is new this year: "trustno1." I love the irony, because obviously the myriad people who chose it can't even trust themselves. *tin foil hat*
Interestingly, "starwars" is number 16.
SplashData CEO Morgan Slain explained in the company's press release why "starwars" found its way onto the list: because The Last Jedi has Star Wars on everyone's brains.
Unfortunately, while the newest episode may be a fantastic addition to the Star Wars franchise, ‘starwars’ is a dangerous password to use. Hackers are using common terms from pop culture and sports to break into accounts online because they know many people are using those easy-to-remember words.
There is literally no excuse for these. I mean, "password"? What is this, 1998? No, it's 2017, and "password" is the second most popular bad password this year, and I am absolutely tutting my head off right now. It is so painfully easy to generate safe passwords, whether by googling "password generator" or using a password manager like LastPass.
And anyways, how do you people get away with something like "monkey" anyways? I haven't been able to create a new password without at least one special character, an upper-case letter, and a number in years. What kinds of websites are you visiting?
Though, OK, maybe this is all a bit harsh.
To lazy people's credit, some of the most common passwords — like "Starwars" and "monkey" — are pretty sweet. I mean, they're just creative: the frustration of forgetting a password, and yelling, "let me the f*ck in!" at your screen would be the perfect reminder that your password is "letmein." So, not your basic "asdf1234" of yesteryear.
But, obviously, they're still super easy to guess, so for the love of your LiveJournal, just get a password manager or something. And yeah, it's a pain to include a special character, a number, a space, and the first pet your grandmother's estranged sister had after high school, but I'd rather have a complicated password than a compromised Twitter account.
And with that in mind, let's do a little bit better than "password" for a password in 2018, OK guys? Go with something like "1pAssw@rd!" At the very least.