Password management provider SplashData has revealed the worst passwords of 2017 and found that they are still ridiculously bad and lazy.
After trawling through the more than five million passwords that have leaked over the past year, mostly in North America and Western Europe, the California-based company said any one of the passwords included in its list of 100 worst passwords of the year would put users at "grave risk" of identity theft.
Despite the seemingly endless litany of major devastating breaches and leaks over the past two years, researchers said people still rely on dangerously weak, easy-to-remember strings of characters to secure their online accounts.
Security experts have also long warned users against the seemingly benign but dangerous habit of using the same easy password across various platforms and websites. Many people also resort to using familiar words and phrases such as the their family or spouse's name, date of birth or even their favorite movie.
With fervent anticipation and excitement surrounding the recent premiere of Star Wars: The Last Jedi, SplashData said even "starwars" managed to make it to its annual list.
"Hackers are using common terms from pop culture and sports to break into accounts online because they know many people are using those easy-to-remember words," Morgan Slain, CEO of SplashData, said.
For the fourth year in a row, "123456" took the top spot as the worst password of the year followed by "password". Naturally, variations of these two such as extra digits or replacing the "o" with a "0" (zero) in "password" were also included in the list.
According to SplashData, an estimated 10% of internet users have used at least one of the 25 worst passwords on this year's list. Nearly 3% of them have likely used "123456" as their password.
Other popular but terrible passwords that made to the list were "iloveyou", "letmein", "money", "whatever" and "trustno1".
"One other new entry is 'qazwsx' from the two left columns on standard keyboards – demonstrating the importance of avoiding simple patterns," SplashData notes.
"Hackers know your tricks, and merely tweaking an easily guessable password does not make it secure," Slain explained. "Our hope is that our Worst Passwords of the Year list will cause people to take steps to protect themselves online."
Check out the complete list of top 100 worst passwords of 2017 on SplashData's website. Here are the 25 most common passwords of 2017: