Passwords represent a critical vulnerability for most organizations today, as employees remain the number 1 cause of company data breaches. However, that hasn't stopped many people from continuing to use default or easy-to-guess passwords for work and personal accounts, leading to increased risk of security incidents.
Andy Dehon, information technology manager for Grand Rapids State Bank and Minnesota Lakes Bank, noted that online security and password protection are key issues for community banks.
“The federal and state agencies that regulate our banks pay special attention to how well we protect our customers’ accounts, and online security is a significant aspect of what we do,” said Dehon. “We also find it prudent to pass along best-practice information to our customers, including our business customers, so they can benefit from knowing what works well. Providing this information may help them prevent a security disaster at some point.”
In its annual report of the worst passwords of the year, SplashData, a provider of security applications and services based in Los Gatos, California, examined more than 5 million passwords leaked during 2017. This year, "starwars" joined the list at No. 16.
"Unfortunately, while the newest episode may be a fantastic addition to the Star Wars franchise, 'starwars' is a dangerous password to use," Morgan Slain, CEO of SplashData, Inc., said in a press release. "Hackers are using common terms from pop culture and sports to break into accounts online because they know many people are using those easy-to-remember words."
Taking the top two spots for the fourth consecutive year are the old standbys, "123456" and "password." A number of variations of each, such as "123456789" and "passw0rd," also made the list.
"Hackers know your tricks, and merely tweaking an easily guessable password does not make it secure," says Slain. "Our hope is that our Worst Passwords of the Year list will cause people to take steps to protect themselves online."
Here are the top 20 worst passwords of 2017:
Needless to say, if your password is found on this list, you should change it immediately. SplashData recommends using phrases of 12 characters or more, with mixed types of characters, including upper- and lowercase letters. Users should also create a different password for each login.
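
SplashData's recommendation, combined with Slain's point that a tweaked common password stays guessable, can be enforced as a screen at password-change time. The sketch below is an added example, not code from SplashData or this article: the deny list holds only the passwords the article names, and the substitution table and the "at least one non-letter character" rule are assumptions.

```python
import re

# Constructed deny list: only the passwords named in this article.
# A real deployment would load a full breached-password list instead.
DENYLIST = {"123456", "password", "123456789", "passw0rd", "starwars"}

# Assumed table of common character swaps, undone before the lookup.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

def variants(pw):
    """Forms of pw to compare: lowercased, with and without a trailing
    run of digits/symbols, each also with character swaps undone."""
    low = pw.lower()
    bases = {low, re.sub(r"[^a-z]+$", "", low)}
    forms = bases | {b.translate(LEET) for b in bases}
    forms.discard("")
    return forms

# Normalize the deny list the same way so both sides compare equal.
DENY_FORMS = set().union(*(variants(p) for p in DENYLIST))

def check_password(pw):
    """Return a list of problems; an empty list means pw passes."""
    problems = []
    if variants(pw) & DENY_FORMS:
        problems.append("common password or a simple variation of one")
    if len(pw) < 12:
        problems.append("shorter than 12 characters")
    if not (any(c.isupper() for c in pw) and any(c.islower() for c in pw)):
        problems.append("needs both upper- and lowercase letters")
    if all(c.isalpha() for c in pw):
        problems.append("needs a digit, space or symbol")
    return problems

if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ("passw0rd", "P@ssw0rd2017!", "Maple canoe drifts at 9"):
        print(repr(candidate), check_password(candidate) or "ok")
```

The second sample meets the length and character-mix rules and is still rejected, which is why the deny-list lookup runs on normalized forms rather than on the raw string.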