05 June 2006 | 51,961 views

The Top 10 Most Common Passwords

Check Your Web Security with Acunetix

A pretty interesting article that statistically measured the frequency of passwords by taking an aggregate sample of passwords (primarily from the UK).

Here are listed the most commonly occurring from the sample.

10. ‘thomas’ (0.99%)

First off, at number 10, is the most common format of passwords – the name. Thomas is a perennially popular name in the UK (2nd most popular in 2000), so it is perhaps no surprise that it makes the top 10, with nearly 1 in 1,000 people opting for this ubiquitous forename as their password.

We can only guess that there are a lot of fans of Thomas Jefferson or Thomas Edison out there! The high prevalence of Christian names only further reinforces the fact that loved ones are a common choice when it comes to passwords.

9. ‘arsenal’ (1.11%)

Football teams tend to be another popular choice, and the gunners fall in 9th place. This may or may not be reflective of the fact that the word ‘arsenal’ starts with a 4-letter swear word – another popular choice when it comes to passwords.

Arsenal are ranked 6th overall in average attendance rankings, and are the 2nd most popular football-related password.

8. ‘monkey’ (1.33%)

Quite why the monkey makes it into 8th place is beyond me, but the fact that it’s a 6-letter word (6 letters is a typical minimum length for passwords), is easily typed and is memorable probably helps cement its position as ideal password material.

Still, it’s quite worrying that there’s such a trend – perhaps the internet and monkeys are inextricably linked?

7. ‘charlie’ (1.39%)

Another name – nowhere near as common a name as No. 10, Thomas, but it’s our most popular name-based password overall.

Could of course, be a homage to a number of famous Charlies – Chaplin, Sheen, or those of a Chocolate Factory persuasion. Or, of course, it could just be the case that they’re referring to it’s slang usage.

6. ‘qwerty’ (1.41%)

I wonder where the inspiration for this one came from? Perhaps when faced with a blinking cursor and an instruction to choose a password people will tend to look to the things closest to them – which would explain why 1 in 700 people choose ‘qwerty’ as their password.

5. ‘123456’ (1.63%)

Can you count to 6? It’s the most common minimum required length of password – and the 5th most common password.

4. ‘letmein’ (1.76%)

A modern-day version of ‘open sesame’ – and 1 person in 560 will type ‘letmein’ as their password. Quite why is beyond me.

I could be mistaken, but I have a hunch that ‘letmein’ has been featured in a movie or TV series – Fox Mulder’s password from the X Files – ‘trustno1′ – also ranked quite highly.

3. ‘liverpool’ (1.82%)

The most popular football team by some margin, Liverpool was the third most popular password overall. Does this mean that 1 in 550 people is such a devout Liverpool fan that they would be willing to entrust private data to the team they love?

Liverpool ranked 3rd in the average attendance ratings – leaving the 2 most popular teams, Manchester United and Newcastle United, out of the top 10 list – perhaps because they’re too long and difficult to type.

2. ‘password’ (3.780%)

Akin to pressing the ‘any’ key, when told to enter a ‘password’, it would seem that users aren’t the sharpest tool in the box – with almost 1 in 250 people choosing the word ‘password’.

1. ‘123’ (3.784%)

With nearly 4 people in 1,000 opting for a simple numerical sequence as their password (it should be noted that there was no lower length limit specified), ‘123’ must be the first thing a lot of people think of when asked to specify a password. One dreads to think what their PIN number might be!

Source: Modern Life is Rubbish



Recent in General Hacking:
- Dradis v2.9 – Information Sharing For Security Assessments
- MagicTree v1.3 Available For Download – Pentesting Productivity
- Kvasir – Penetration Testing Data Management Tool

Related Posts:
- The 25 Worst Passwords Of 2013 – “password” Is Not #1
- CUPP – Common User Passwords Profiler – Automated Password Profiling Tool
- Password Hasher Firefox Extension

Most Read in General Hacking:
- 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) - 1,137,858 views
- Hack Tools/Exploits - 581,763 views
- Password Cracking with Rainbowcrack and Rainbow Tables - 414,465 views

Low-cost VPS Hosting

17 Responses to “The Top 10 Most Common Passwords”

  1. clarence 5 June 2006 at 7:47 am Permalink

    nice one..

  2. rik 5 June 2006 at 8:00 am Permalink

    ‘123’ (3.784%)
    With nearly 4 people in 1,000 opting for a simple numerical sequence

    Sorry to be pedantic (I know it’s quoted from the source), but 3.7% is nearly 4 in 100 people, not 1000.

  3. backbone 5 June 2006 at 9:19 am Permalink

    it’s seem’s quite imposibile to me that 4 in 100 people (as rik said) choose 123 as a password

  4. rik 5 June 2006 at 10:21 am Permalink

    Just re-read the article, I was wrong! It’s ‰ (a tenth of %) not %. So it *is* 4 in 1000 people!

  5. Tan Yee Wei 5 June 2006 at 11:46 am Permalink

    Interesting article. Incidentally, I have a friend who uses the ‘123’ string for naming unimportant documents he sends to me.

    And as his nickname when playing games at cyber cafes.

  6. Navaho Gunleg 14 June 2006 at 4:09 pm Permalink

    I wonder how do they come up with these results? I’d fill in ‘123’ on any survey asking for my password, too…

  7. Darknet 14 June 2006 at 4:18 pm Permalink

    By cracking them usually and graphing the results.

  8. Navaho Gunleg 14 June 2006 at 5:11 pm Permalink

    Ah I see — the article didn’t mention any of that.

    But isn’t that illegal? ;)

  9. Darknet 14 June 2006 at 5:36 pm Permalink

    Not during a pen-test, it’s part of the job, I’ve done the same excercise before and reported the results.

    I guess if you didn’t mention any of the organisations the results were from there would be nothing wrong with it.

  10. WI-FI-FUCKED 15 October 2006 at 5:10 am Permalink

    Figures, arsenal and 1234567 besides if your looking to crack any WPA in the united states try , imanidiot, god , jesus, mylordansavor, ihavenoedu, fuckliberals, domination, watistelnet , fukmiquik, ihatejews, ihateniggers, kkkalldaway, killevry1 ( if numeral opion is available)

  11. Joe 7 February 2008 at 5:33 pm Permalink

    This was a very interesting read. Next time i’m trying to guess a password for whatever reason i’ll be sure to type in this list.

  12. eM3rC 8 February 2008 at 3:36 am Permalink

    Wow this is awesome.
    I though I saw a post like this but the top passwords were things like sex, god, hacker, etc

    Glad my passwords are a little more complicated…

    Isn’t the rule of thumb to have a word/letters some #s and possibly extra characters (!,%, etc)?

  13. Pantagruel 8 February 2008 at 1:05 pm Permalink

    rule of thumb is ok, but most users repeatedly chose a weak password just because they are afraid that they might forget a strong one. The once they consider strong are usually a permutation of name and birthday of spouse or other family members (for the singles take car brand, pet name, etc)

  14. eM3rC 9 February 2008 at 8:31 am Permalink

    I think that using the first letters from a phrase or group of people you know in combination with letters, numbers and special characters might be an easy to remember and secure password.

    Theres also the option of a post-it note or writing it down on a piece of paper and hiding it :)

  15. Mike Touch 7 April 2008 at 4:39 pm Permalink

    Interesting post, cheers.
    Time to change my passwordsl ol

  16. James C 7 April 2008 at 4:53 pm Permalink

    Most common password in the english speaking world is password1.
    http://www.schneier.com/blog/archives/2006/12/realworld_passw.html
    http://blog.washingtonpost.com/securityfix/2007/01/myspace_phishers_hook_hundreds.html

  17. Prospero 26 April 2008 at 9:04 am Permalink

    I’m pleased to see that alot caught the number 1 most common password’s “Nearly 4 in 1000 mistake” My question is, which part is wrong? Is it nearly 4/10ths of 1% or nearly 4%, if it is the former, then does that mean all of them are off by one decimal place, I say this because if you add up the percentages of the top passwords, It’s hard to swallow that those passwords could account for such a large percentage, in my experience it’s hard to believe that those 10 passwords come close to accounting for almost 1 in 6 passwords. Does anyone else think this is a bit high?
    Prospero