Industry News

‘Starwars’ is a ‘dangerous’ password to use, says SplashData

‘Starwars’ is one of the newest additions to 2017’s Worst Passwords of the Year list, as determined by SplashData in its annual report. According to the company’s CEO, this password is “dangerous.”

Millions continue to use easily guessable passwords despite countless reports of hacks, ransomware attacks, extortion attempts and state-sponsored data breaches in the past few years.

For the fourth year in a row, “123456” and “password” retain their top two spots as the worst passwords people use to log into their accounts, according to a new list compiled by SplashData for its annual password-strength assessment.

Currently at its seventh iteration, the Worst Passwords report puts “starwars” at #16 in the list. The data was gathered from more than 5 million passwords leaked during 2017.

“Unfortunately, while the newest episode may be a fantastic addition to the Star Wars franchise, ‘starwars’ is a dangerous password to use,” said Morgan Slain, CEO of SplashData, Inc. “Hackers are using common terms from pop culture and sports to break into accounts online because they know many people are using those easy-to-remember words.”

The only sport to crack the Top 25 was “football,” but this year it dropped four spots to #9. “iloveyou” takes the #10 spot, replacing “loveme.”

In addition to “starwars,” new appearances on the list include “letmein”, “monkey”, “hello”, “freedom”, “whatever” and “trustno1.”

A notable, pattern-centric password that’s still very easy to guess is “qazwsx” (from the two left columns on a standard QUERTY keyboards). It occupies the 24th position on the list. “trustno1” takes the 25th spot. Full list below:

1 – 123456 (rank unchanged since 2016 list)

2 – password (unchanged)

3 – 12345678 (up 1)

4 – qwerty (Up 2)

5 – 12345 (Down 2)

6 – 123456789 (New)

7 – letmein (New)

8 – 1234567 (Unchanged)

9 – football (Down 4)

10 – iloveyou (New)

11 – admin (Up 4)

12 – welcome (Unchanged)

13 – monkey (New)

14 – login (Down 3)

15 – abc123 (Down 1)

16 – starwars (New)

17 – 123123 (New)

18 – dragon (Up 1)

19 – passw0rd (Down 1)

20 – master (Up 1)

21 – hello (New)

22 – freedom (New)

23 – whatever (New)

24 – qazwsx (New)

25 – trustno1 (New)

Most of the leaked passwords evaluated for the 2017 list were used in North America and Western Europe.

An estimated 10% of people have used at least one of the 25 worst passwords listed above. As much as 3% of the world’s population is said to rely on the utmost guessable password, “123456.”

You should always create a strong password containing between 8 and 12 characters, upper case letters and numbers. Ideally, you should employ a different password for each one of your accounts.

Bitdefender Password Manager – part of the Wallet feature in Bitdefender antivirus solutions – remembers your passwords for you so you don’t have to.

About the author


Filip is an experienced writer with over a decade of practice in the technology realm. He has covered a wide range of topics in such industries as gaming, software, hardware and cyber-security, and has worked in various B2B and B2C marketing roles. Filip currently serves as Information Security Analyst with Bitdefender.