10 Most Common Passwords

Posted by Andy on September 08, 2009
Privacy, Security, Tech Tips

A note on passwords: if yours is on the list below, change it now. Seriously, it’s just not secure.

In doing some research on this topic, I came across a lot of scary stats. There was a MySpace exploit not that long ago from which a lot of password data was generated. Have a look at the write-up here. The gist of the report is that, for the most part, people are getting better at using good passwords, but there is still a significant number of passwords that are easy to guess. In addition, the article makes the very good point that passwords are just a bad way to secure things because crackers are getting better and better.

None of this changes the reality that passwords have outlived their usefulness as a serious security device. Over the years, password crackers have been getting faster and faster. Current commercial products can test tens — even hundreds — of millions of passwords per second. At the same time, there’s a maximum complexity to the passwords average people are willing to memorize (.pdf). Those lines crossed years ago, and typical real-world passwords are now software-guessable. AccessData’s Password Recovery Toolkit would have been able to crack 23 percent of the MySpace passwords in 30 minutes, 55 percent in 8 hours.

So, back to the list of passwords – this list is from PC Magazine:

  • password
  • 123456
  • qwerty
  • abc123
  • letmein
  • monkey
  • myspace1
  • password1
  • blink182
  • (your first name)

To expand on this list, here are some common password themes (source):

  • 123456, 123, 123123, 01234, 2468, 987654, etc
  • 123abc, abc123, 246abc
  • First Name
  • Favorite Band
  • Favorite Song
  • first letter of given name then surname
  • qwerty, asdf, and other keyboard rolls
  • Favorite cartoon or movie character
  • Favorite sport, or sports star
  • Country of origin
  • City of origin
  • All numbers
  • Some word in the dictionary
  • Combining 2 dictionary words
  • any of the above spelled backwards
  • aaa, eee, llll, 999999, and other repeat combinations

If you recognize your password or your password tendencies on the lists above, change them! You should always use what are called “Strong” passwords. Microsoft defines strong passwords as follows:

A strong password:

  • Is at least seven characters long.
  • Does not contain your user name, real name, or company name.
  • Does not contain a complete dictionary word.
  • Is significantly different from previous passwords. Passwords that increment (Password1, Password2, Password3 …) are not strong.
  • Contains characters from each of upper case letters, lower case letters, numerals and symbols (all keyboard characters not defined as letters or numerals)
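
The Microsoft rules above, together with several of the themes from the earlier list (reversed words, all numbers, keyboard rolls, repeats), can be checked mechanically. The following Python is an added example, not code from the original post or from Microsoft; the function name `check_password`, the small constructed word set and the four-key run threshold are assumptions made for illustration.

```python
import re

# Eight fixed entries from the PC Magazine list quoted above.
COMMON = {"password", "123456", "qwerty", "abc123", "letmein",
          "monkey", "myspace1", "password1"}
# Constructed stand-in for a real dictionary file (assumption).
SAMPLE_WORDS = {"password", "monkey", "dragon", "summer", "welcome", "secret"}
KEY_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")


def _has_run(pw, n=4):
    """True if pw holds n adjacent keys of one keyboard row, in either direction."""
    for row in KEY_ROWS:
        for seq in (row, row[::-1]):
            if any(seq[i:i + n] in pw for i in range(len(seq) - n + 1)):
                return True
    return False


def check_password(pw, personal_names=(), previous=(), words=SAMPLE_WORDS):
    """Return the rules pw breaks; an empty list means every check passed."""
    low = pw.lower()
    problems = []
    if low in COMMON or low[::-1] in COMMON:
        problems.append("on the common-password list")
    if len(pw) < 7:
        problems.append("shorter than seven characters")
    if any(n and n.lower() in low for n in personal_names):
        problems.append("contains a user, real or company name")
    # Substring match, forwards and backwards; words under 4 letters are skipped.
    if any(len(w) >= 4 and (w in low or w[::-1] in low) for w in words):
        problems.append("contains a dictionary word")
    # Drop trailing digits so Password1 -> Password2 counts as an increment.
    stem = low.rstrip("0123456789")
    if stem and any(stem == p.lower().rstrip("0123456789") for p in previous):
        problems.append("only increments a previous password")
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^a-zA-Z0-9]")
    if not all(re.search(c, pw) for c in classes):
        problems.append("missing a character class")
    if pw.isdigit():
        problems.append("all numbers")
    if _has_run(low) or re.search(r"(.)\1\1", low):
        problems.append("keyboard roll or repeated character")
    return problems
```

In real use, pass a full word list as `words` and the account's own names as `personal_names`; the built-in sets only cover the examples on this page.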

The best passwords are random – generate one, remember it forever and you are secure. PC Tools has a great generator here. It stinks to have to remember something that is not intuitive, but it’s way better than identity theft.
