Worst Passwords of 2017 Include '123456' and 'Password'

by

SplashData today published its annual list of the worst passwords of the year, using data pulled from over five million passwords that were leaked across 2017 by hackers.

Despite many well-publicized major data leaks in 2016 and 2017, many people continue to use weak passwords that are easily guessed. "123456" and "Password," for example, were the two most popular passwords SplashData came across, as they have been for several years running.

worst passwords 2017
Other passwords in the top 10 of the worst passwords list included "12345678," "qwerty," "12345," "123456789," "letmein," "1234567," "football," and "iloveyou." "Monkey," "123123," and "starwars" also made the list this year, as new easily guessable passwords people have adopted. Passwords made up of a single word or consecutive number string are dangerous because they're so easy to guess.

"Unfortunately, while the newest episode may be a fantastic addition to the Star Wars franchise, 'starwars' is a dangerous password to use," said Morgan Slain, CEO of SplashData, Inc. "Hackers are using common terms from pop culture and sports to break into accounts online because they know many people are using those easy-to-remember words."

With data breaches from major companies so common, a strong password that consists of multiple random words or multiple numbers, letters, and characters is essential, and it's also important not to use the same password for more than one account.

Safari has built-in password generating features, and passwords can also be stored in the Keychain and accessed on all of your iOS and Mac devices. Password management apps like 1Password, LastPass, or SplashID can also make remembering and managing multiple passwords simple.

SplashData publishes its annual list to encourage people to use stronger passwords. This year, the company's data came primarily from North America and Western Europe, culled from data leaks. Yahoo data and data from adult websites was not included.

In 2017, there were several major data leaks from companies that included Verizon, Saks Fifth Avenue, Deloitte, and Uber, along with a huge Equifax breach that exposed the personal information of millions of people.

Popular Stories

iPhone Top Left Hole Punch Face ID Feature Purple

iPhone 18 Pro Launching Later This Year With These 12 New Features

Thursday January 15, 2026 10:56 am PST by
While the iPhone 18 Pro and iPhone 18 Pro Max are not expected to launch for another eight months, there are already plenty of rumors about the devices. Below, we have recapped 12 features rumored for the iPhone 18 Pro models, as of January 2026: The same overall design is expected, with 6.3-inch and 6.9-inch display sizes, and a "plateau" housing three rear cameras Under-screen Face ID...
Read Full Article70 comments
2024 iPhone Boxes Feature

Apple Adjusts Trade-In Values for iPhones, Macs, and More

Thursday January 15, 2026 11:19 am PST by
Apple today updated its trade-in values for select iPhone, iPad, Mac, and Apple Watch models. Trade-ins can be completed on Apple's website, or at an Apple Store. The charts below provide an overview of Apple's current and previous trade-in values in the United States, according to the company's website. Most of the values declined slightly, but some of the Mac values increased. iPhone ...
Read Full Article54 comments
iPhone Top Left Hole Punch Face ID Feature Purple

New Leak Reveals iPhone 18 Pro Display Sizes, Under-Screen Face ID, and More

Wednesday January 14, 2026 7:09 am PST by
While the iPhone 18 Pro models are still around eight months away, a leaker has shared some alleged details about the devices. In a post on Chinese social media platform Weibo this week, the account Digital Chat Station said the iPhone 18 Pro and iPhone 18 Pro Max will have the same 6.3-inch and 6.9-inch display sizes as the iPhone 17 Pro and iPhone 17 Pro Max. Consistent with previous...
Read Full Article65 comments
Verizon New

Verizon Offering $20 Credit After Major Outage, Here's How to Get It

Thursday January 15, 2026 7:37 am PST by
Verizon today announced it will be offering customers a $20 account credit after a major outage on Wednesday, and action is required to receive it. The carrier said affected customers can accept the credit by logging into the My Verizon app, but it might take some time before this option shows up in the app. Affected customers will receive a text message when the credit is available. On...
Read Full Article50 comments
Apple MacBook Pro M4 hero

These 5 Apple Products Will Reportedly Be Upgraded With OLED Displays

Friday January 16, 2026 7:07 pm PST by
Apple plans to upgrade the iPad mini, MacBook Pro, iPad Air, iMac, and MacBook Air with OLED displays between 2026 and 2028, according to DigiTimes. Bloomberg's Mark Gurman previously reported that the iPad mini and MacBook Pro will receive an OLED display as early as this year, but he does not expect the MacBook Air to adopt the technology until 2028 at the earliest. A new iPad Air is...
Read Full Article58 comments

Top Rated Comments

infinitedreams Avatar
infinitedreams
106 months ago
Worst username/password combination...

Username: root
Password:
Score: 42 Votes (Like | Disagree)
djeeyore25 Avatar
djeeyore25
106 months ago
"That's amazing! I've got the same combination on my luggage!"
Score: 16 Votes (Like | Disagree)
oneMadRssn Avatar
oneMadRssn
106 months ago
Hey guys, look what I discovered. If you try to post you password on this forum, it automatically replaced it with asterisks.

Look, this is my password: ********

Try it!
Score: 10 Votes (Like | Disagree)
potatis Avatar
potatis
106 months ago
Score: 5 Votes (Like | Disagree)
Christoffee Avatar
Christoffee
106 months ago
These lists comes out every year.

Why don't the websites themselves incorporate this list into the mechanism that accepts your new password?

A lot of sites have, at minimum, a way to tell you if your password isn't long enough. And some also tell you that you need a number or uppercase letter.

Frankly... I'm not sure I'd wanna do business with a website that allows "123456" as a password. :p

Oh I'm still blaming the user overall... but I think the websites could help fix this terrible habit.
While I get what you're saying, rules imposed by websites infuriate me. I have a password system, that allows me to have long, unique passwords for everysite. It incorporates a number, a caps, and a sign. When i set my password and a website tells me that it must have at least two numbers I'm :mad:! The password is unique and 19 characters long! And you're telling me that I should use "monkey69".
Score: 5 Votes (Like | Disagree)
SeminalSage Avatar
SeminalSage
106 months ago
Hey guys, look what I discovered. If you try to post you password on this forum, it automatically replaced it with asterisks.

Look, this is my password: ********

Try it!
My password: ********

Holy cow, you were right!
Score: 5 Votes (Like | Disagree)
Read All Comments