- The top most-used password, for the fourth year in a row, is "123456," according to the annual SplashData report of the 100 worst passwords of 2017. "Password" came in second while other noteworthy contenders included "letmein," "trustno1" and "blahblah."
- Star Wars fans boosted "starwars" to the No. 16 spot on the list, but it is a "dangerous password to use" because hackers tend to use current pop culture events to break into systems, said Morgan Slain, CEO of SplashData.
- Adding simple variations like replacing an "o" with a "0" is not enough to thwart bad actors as those discrepancies still appeared on the list. About 10% of people have used at least one of the passwords that appears on the list.
About 300 billion passwords are at risk of being compromised by 2020 and could end up costing up to $6 trillion by 2021.
Having strong password credentials is one of the basic tenants of cybersecurity. It is easy to use one password for multiple sites, but it is encouraged to make a new one for each login with at least 12 characters, according to the report.
About 81% of all breaches are a result of mishandling credentials. This puts IT departments at the forefront of protecting its company's technical infrastructure from weak authentication, especially for privileged or administrative accounts. Requiring multi-factor authentication with encryption or fingerprinting can help deter security incidents stemming from negligence.
Even malware attacks, like Nyetya, can manipulate weak passwords to continue unauthorized access through systems. This is not a new technique for hackers, but the malware behind Nyetya automated the task, making its infiltration rapid.