Strong passwords, these were not.
Each year, security company SplashData ranks the most common-and worst-passwords. Now that Star Wars: The Last Jedi has been released, “starwars” and similar variants are among the worst passwords used in 2017, coming in at number 16 on their list. Variants of "passw0rd" and keyboard patterns are also highly ranked.
“Hackers are using common terms from pop culture and sports to break into accounts online because they know many people are using those easy-to-remember words,” said Morgan Slain, CEO of SplashData, in a statement.
“123456” is consistently the worst password of the year, followed by “password", though new entrants into the list include “123456789” (No. 6) and “letmein” (No. 7).
To keep your accounts safer, consider making the following resolutions for 2018:
Think passphrase instead of password. Experts originally suggested complex passwords with a variety of numbers, uppercase and lowercase letters, and symbols, but recent trends show that length is the primary strengthening factor. Consider using several words in succession, then tweak it with numbers or symbols you can more easily recall, such as My2015prius!isblack.
Use two-factor authentication. More websites are offering two-factor or multi-factor authentication, which prevents your password or passphrase from acting as the sole protection to your personal information. Setup is simple, and you can usually request a text message with numeric code or confirmation through an authenticator app to verify your identity.
Make values unique. Use a different passphrase for every website. Once attackers have a password, they will try to use it on hundreds of other websites and services, greatly increasing the impact of a compromise.
Consider using a password manager. The average American has more than 90 online accounts. If you're using a unique value on each site, it won't be possible to remember every single one. Password managers such as Dashlane, LastPass, and 1Password offer automatically generated, unique passwords for the sites you use. You will have one master passphase to remember and secure in order to access the manager. Protect it with two-factor authentication!
If you have questions or would like to learn more about these tips, email firstname.lastname@example.org.
—Peter Lundstedt, Director, Information Security & Compliance, ITS