Building a slide deck, pitch, or presentation? Here are the big takeaways:

  • For the fourth consecutive year, “123456” and “password” topped the list of leaked passwords. –SplashData, 2017
  • To improve security, create passwords that use phrases of 12 characters or more, with mixed types of characters including upper and lower cases. –SplashData, 2017

Passwords represent a critical vulnerability for most organizations today, as employees remain the no. 1 cause of company data breaches. However, that hasn’t stopped many people from continuing to use default or easy-to-guess passwords for work and personal accounts, leading to increased risk of security incidents.

In its annual report of worst passwords of the year, SplashData examined more than 5 million passwords leaked during 2017. This year, “starwars” joined the list at no. 16.

“Unfortunately, while the newest episode may be a fantastic addition to the Star Wars franchise, ‘starwars’ is a dangerous password to use,” Morgan Slain, CEO of SplashData, Inc., said in a press release. “Hackers are using common terms from pop culture and sports to break into accounts online because they know many people are using those easy-to-remember words.”

SEE: Password Management Policy (Tech Pro Research)

Taking the top two spots for the fourth consecutive year are the old standbys, “123456” and “password.” A number of variations of each, such as “123456789” and “passw0rd” also made the list.

“Hackers know your tricks, and merely tweaking an easily guessable password does not make it secure,” says Slain. “Our hope is that our Worst Passwords of the Year list will cause people to take steps to protect themselves online.”

Here are the top 20 worst passwords of 2017:

1. 123456

2. password

3. 12345678

4. qwerty

5. 12345

6. 123456789

7. letmein

8. 1234567

9. football

10. iloveyou

11. admin

12. welcome

13. monkey

14. login

15. abc123

16. starwars

17. 123123

18. dragon

19. passw0rd

20. master

Needless to say, if your password is found on this list, you should change it immediately. SplashData recommends using phrases of 12 characters or more, with mixed types of characters including upper and lower cases. Users should also create different passwords for each login.

For more tips on how to create a strong password, click here.