The Worst Passwords of 2017

December 19, 2017 - SplashData Expands its Tradition

I've been using SplashID, one of the password solutions from SplashData, for a very long time. As a customer, it was easy to find the company's list of bad passwords. I consider the list a tremendous public service because it is not created from casual observation but instead derived from a huge, five million item list of leaked passwords.

This year's list can be found at (TeamsID is one of SplashData's products and this year's marketing beneficiary of the list). This year the list got longer, 100 terrible passwords instead of 25 in previous years.

I have spent quite a bit of time over the past few years advising my clients about the simple measures they can take to improve their personal security and I have always made SplashData's list a cornerstone of my pitch. It nevertheless appalls me to find some of the same horrible passwords at the very top of this year's list. I mean, 123456? Really?

Unfortunately, really. This past year I discovered that one of my clients was using one of this year's top 100 and, worse, extensively violating both golden rules of passwords - choose good passwords and use a different password for every account, no matter how innocuous the account may seem.

SplashData's list also shines a beacon on what is clearly a serious problem with systems that allow such ridiculous passwords. My Web site content manager, SiteCommander, will not allow a user to choose any of this year's top 100. A year ago that was not the case and my clients grumbled a bit about coming up with the stronger passwords needed to comply with the new, tougher rules. Shouldn't Amazon and your bank insist on heavy-duty credentials?

The big problem with good passwords, of course, is remembering them. That's why SplashData and others are in business - to provide you with the mechanism to remember all those tough passwords. You may not like the password 2b[#1^Q5*v71 because you can't possibly remember it, but SplashID can recall it for you.

Take a look at this year's list. If you are using any of the top 100 or any variant of them, change those passwords today.