'Starwars' appears on list of worst passwords of 2017

The world's love for Star Wars has turned into a security problem, says SplashData and its list of the bad passwords leaked in 2017.

Amanda Kooser
Freelance writer Amanda C. Kooser covers gadgets and tech news with a twist for CNET. When not wallowing in weird gear and iPad apps for cats, she can be found tinkering with her 1956 DeSoto.
Amanda Kooser
2 min read
Enlarge Image

Just say no to using "starwars" as a password.

Screenshot by Amanda Kooser/CNET

Listen up, Star Wars fans. You'll be better served by a password like "LukeSkywalkerR2D2RocktheForce" or "PoeNFinn4ever" than just plain "starwars." On Tuesday, SplashData, a provider of password management applications, released its annual worst-passwords list, and there were some real clunkers in 2017.

The most notable newcomer this year was "starwars," which appears on the list in the No. 16 slot, just below the incumbent "abc123." Other newbies include the self-explanatory "letmein" (No. 7), the sweet "iloveyou" (No. 10) and the flippant "whatever" (No. 23). The top bad password of 2017 is the awful "123456," which is also the reigning champion from the 2016 list.

SplashData looked at 5 million leaked passwords, mainly from North American and Western European users. Those passwords were revealed by hacking attacks throughout 2017, though SplashData chose not to include passwords leaked from the Yahoo email breach or from hacks of adult websites. 

SplashData CEO Morgan Slain warns against the use of "starwars," saying, "Hackers are using common terms from pop culture and sports to break into accounts online because they know many people are using those easy-to-remember words."

This isn't the first time Star Wars has appeared on the list. The 2015 edition also included "starwars," down in the No. 25 slot. The rise of Star Wars passwords coincides with the years that have featured big movie openings from the main branch of the franchise, including 2015's "The Force Awakens" and 2017's "The Last Jedi."

Here are SplashData's Top 25 worst passwords:

1 - 123456 (ranking unchanged since 2016 list) 
2 - password (ranking unchanged) 
3 - 12345678 (up 1) 
4 - qwerty (up 2) 
5 - 12345 (down 2) 
6 - 123456789 (new) 
7 - letmein (new) 
8 - 1234567 (Unchanged) 
9 - football (down 4) 
10 - iloveyou (new) 
11 - admin (up 4) 
12 - welcome (unchanged) 
13 - monkey (new) 
14 - login (down 3) 
15 - abc123 (down 1) 
16 - starwars (new) 
17 - 123123 (new) 
18 - dragon (up 1) 
19 - passw0rd (down 1) 
20 - master (up 1) 
21 - hello (new) 
22 - freedom (new) 
23 - whatever (new) 
24 - qazwsx (new) 
25 - trustno1 (new)  

You can check out the entire top-100 list here (PDF) and revel in the inanity and insanity of passwords like "cheese" and "121212."

'Alexa, be more human': Inside Amazon's effort to make its voice assistant smarter, chattier and more like you.

Virtual reality 101: CNET tells you everything you need to know about VR.