
Of course you don’t reuse your password on more than one system, do you? Of course you don’t. You’re a savvy computer user, having used them almost your whole work career, or maybe you made your first password right after you learned to read.
But are you really that clever?
Perhaps looking at the 100,000 most used passwords from data breaches would change your mind. Here are the top 30 passwords:
123456
123456789
qwerty
password
111111
12345678
abc123
1234567
password1
12345
123123
000000
iloveyou
1234
1q2w3e4r5t
qwertyuiop
123
monkey
dragon
123456a
654321
123321
666666
1qaz2wsx
myspace1
121212
homelesspa
123qwe
a123456
123abc
Many of these are obvious variations on a theme, but some are surprising, like “monkey,” “dragon,” and my favorite top 30: “homelesspa.”
From Where Did this Password List Come?
This list came from a website called haveibeenpwned.com, which collects the data from data breaches and lets you determine if your email has been compromised. These are passwords from those data breaches. 10,000 seems to be a pretty good sample size to assume these really are the most common. It’s fun searching the text file to see if an old password of yours is in the file. It may be fun to see how clever you really aren’t when it comes to choosing a password.
There are 103 variations on “iloveyou,” 186 variations on “password,” 220 variations on “qwerty,” 14 variations on “coffee,” 138 variations on “jesus,” and 368 variations on “sex.” Have fun looking for other phrases that tickle your imagination.
So What?
This is interesting for a few reasons. First, hackers can use this list to generate password variations and try them one after another to break in by brute force. They can use programs like John the Ripper, but there are tons of other programs as well. Here’s a list of 25 of these programs.
Hackers realize that it’s hard to memorize things, so there’s a good chance that if they get a hold of a password of yours, they’ll be able to get into more than one account of yours. They also know that when updating passwords, you’re likely to increment by 1. So “MyPassword2” becomes “MyPassword3.” Or that you’ll likely substitute numbers for letters, making “pa55word” easily guessable.
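The same knowledge works for the defender: a password-change form can refuse a new password that is only an incremented or number-for-letter version of a common password or of the previous one. The sketch below is an added example, not part of the original post; the function names, the look-alike mapping and the short COMMON sample (taken from the top 30 above) are assumptions made for illustration.

```python
import re

# Constructed sample: a few entries from the top-30 list above. A real check
# would load the full breached-password file instead.
COMMON = {"123456", "password", "qwerty", "iloveyou", "monkey", "dragon", "abc123"}

# Assumed look-alike swaps (a digit or symbol standing in for a letter).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s"})

def base_form(password):
    """Lowercase and drop a trailing counter or punctuation: 'Dragon2024!' -> 'dragon'."""
    return re.sub(r"[\d\W_]+$", "", password.lower())

def skeleton(password):
    """base_form with look-alike swaps undone: 'pa55word' -> 'password'."""
    return base_form(password).translate(LEET)

# Common passwords plus their skeletons. All-digit entries reduce to an
# empty skeleton, so "" is removed to avoid matching everything numeric.
COMMON_FORMS = (COMMON | {skeleton(p) for p in COMMON}) - {""}

def reject_reason(new, old=None):
    """Return why `new` is too guessable, or None if it passes these checks."""
    forms = {new.lower(), base_form(new), skeleton(new)}
    if forms & COMMON_FORMS:
        return "variation of a common password"
    stem = skeleton(new)
    # Same stem as the old password means only the counter or the swaps changed.
    if old is not None and stem and stem == skeleton(old):
        return "variation of the previous password"
    return None

if __name__ == "__main__":
    samples = [("pa55word", None), ("Dragon2024!", None),
               ("MyPassword3", "MyPassword2"), ("correct horse battery staple", None)]
    for new, old in samples:
        print(f"{new!r}: {reject_reason(new, old) or 'accepted'}")
```

Passing these checks does not make a password strong; they only catch the predictable edits described above.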