[BreachExchange] Hey Genius, 'Starwars' Is a Terrible Password

Destry Winant destry at riskbasedsecurity.com
Wed Dec 20 22:14:34 EST 2017


https://www.pcmag.com/news/358055/hey-genius-starwars-is-a-terrible-password

It's probably safe to say that everyone on the internet knows by now that
using easy-to-guess, insecure passwords like "123456" or "password" is a
bad idea. But as it turns out, many still don't care.

Password management application provider SplashData on Tuesday released a
list of the 100 Worst Passwords of 2017, compiled from more than 5 million
passwords leaked during the year. For a fourth consecutive year, "123456"
and "password" took the top two spots on the list.

The list included plenty of other usual suspects like "qwerty" (No. 4),
"football" (No. 9), "iloveyou" (No. 10), and "admin" (No. 11), along with
some new additions, including "starwars," which ranked as the 16th worst
password of 2017.

"Unfortunately, while the newest episode may be a fantastic addition to the
Star Wars franchise, 'starwars' is a dangerous password to use," SplashData
CEO Morgan Slain said in a statement. "Hackers are using common terms from
pop culture and sports to break into accounts online because they know many
people are using those easy-to-remember words."

Other new additions to the list this year included "letmein" (No. 7),
"monkey" (No. 13), "123123" (No. 17), "hello" (No. 21), "freedom" (No. 22),
"whatever" (No. 23), and "trustno1" (No. 25). SplashData warned that using
any of the passwords on the top 100 list "would put users at grave risk for
identity theft."

The company recommends using passphrases instead of simple passwords,
mirroring advice earlier this year from the National Institute of Standards
and Technology. Passphrases should include at least 12 characters and a mix
of characters, including upper and lower cases, SplashData recommended.
Users should also be sure to set a unique password for each website, and
consider using a password manager.

Without further ado, here's SplashData's list of the top 25 worst passwords
of 2017. To see the full 100, click here:
<https://13639-presscdn-0-80-pagely.netdna-ssl.com/wp-content/uploads/2017/12/Top-100-Worst-Passwords-of-2017a.pdf>

1 - 123456
2 - password
3 - 12345678
4 - qwerty
5 - 12345
6 - 123456789
7 - letmein
8 - 1234567
9 - football
10 - iloveyou
11 - admin
12 - welcome
13 - monkey
14 - login
15 - abc123
16 - starwars
17 - 123123
18 - dragon
19 - passw0rd
20 - master
21 - hello
22 - freedom
23 - whatever
24 - qazwsx
25 - trustno1