A pretty interesting article that statistically measured the frequency of passwords by taking an aggregate sample of passwords (primarily from the UK).
Here are listed the most commonly occurring from the sample.
10. ‘thomas’ (0.99%)
First off, at number 10, is the most common format of passwords – the name. Thomas is a perennially popular name in the UK (2nd most popular in 2000), so it is perhaps no surprise that it makes the top 10, with nearly 1 in 1,000 people opting for this ubiquitous forename as their password.
We can only guess that there are a lot of fans of Thomas Jefferson or Thomas Edison out there! The high prevalence of Christian names only further reinforces the fact that loved ones are a common choice when it comes to passwords.
9. ‘arsenal’ (1.11%)
Football teams tend to be another popular choice, and the gunners fall in 9th place. This may or may not be reflective of the fact that the word ‘arsenal’ starts with a 4-letter swear word – another popular choice when it comes to passwords.
Arsenal are ranked 6th overall in average attendance rankings, and are the 2nd most popular football-related password.
8. ‘monkey’ (1.33%)
Quite why the monkey makes it into 8th place is beyond me, but the fact that it’s a 6-letter word (6 letters is a typical minimum length for passwords), is easily typed and is memorable probably helps cement its position as ideal password material.
Still, it’s quite worrying that there’s such a trend – perhaps the internet and monkeys are inextricably linked?
7. ‘charlie’ (1.39%)
Another name – nowhere near as common a name as No. 10, Thomas, but it’s our most popular name-based password overall.
Could of course, be a homage to a number of famous Charlies – Chaplin, Sheen, or those of a Chocolate Factory persuasion. Or, of course, it could just be the case that they’re referring to it’s slang usage.
6. ‘qwerty’ (1.41%)
I wonder where the inspiration for this one came from? Perhaps when faced with a blinking cursor and an instruction to choose a password people will tend to look to the things closest to them – which would explain why 1 in 700 people choose ‘qwerty’ as their password.
5. ‘123456’ (1.63%)
Can you count to 6? It’s the most common minimum required length of password – and the 5th most common password.
4. ‘letmein’ (1.76%)
A modern-day version of ‘open sesame’ – and 1 person in 560 will type ‘letmein’ as their password. Quite why is beyond me.
I could be mistaken, but I have a hunch that ‘letmein’ has been featured in a movie or TV series – Fox Mulder’s password from the X Files – ‘trustno1’ – also ranked quite highly.
3. ‘liverpool’ (1.82%)
The most popular football team by some margin, Liverpool was the third most popular password overall. Does this mean that 1 in 550 people is such a devout Liverpool fan that they would be willing to entrust private data to the team they love?
Liverpool ranked 3rd in the average attendance ratings – leaving the 2 most popular teams, Manchester United and Newcastle United, out of the top 10 list – perhaps because they’re too long and difficult to type.
2. ‘password’ (3.780%)
Akin to pressing the ‘any’ key, when told to enter a ‘password’, it would seem that users aren’t the sharpest tool in the box – with almost 1 in 250 people choosing the word ‘password’.
1. ‘123’ (3.784%)
With nearly 4 people in 1,000 opting for a simple numerical sequence as their password (it should be noted that there was no lower length limit specified), ‘123’ must be the first thing a lot of people think of when asked to specify a password. One dreads to think what their PIN number might be!
Source: Modern Life is Rubbish
clarence says
nice one..
rik says
Sorry to be pedantic (I know it’s quoted from the source), but 3.7% is nearly 4 in 100 people, not 1000.
backbone says
it’s seem’s quite imposibile to me that 4 in 100 people (as rik said) choose 123 as a password
rik says
Just re-read the article, I was wrong! It’s ‰ (a tenth of %) not %. So it *is* 4 in 1000 people!
Tan Yee Wei says
Interesting article. Incidentally, I have a friend who uses the ‘123’ string for naming unimportant documents he sends to me.
And as his nickname when playing games at cyber cafes.
Navaho Gunleg says
I wonder how do they come up with these results? I’d fill in ‘123’ on any survey asking for my password, too…
Darknet says
By cracking them usually and graphing the results.
Navaho Gunleg says
Ah I see — the article didn’t mention any of that.
But isn’t that illegal? ;)
Darknet says
Not during a pen-test, it’s part of the job, I’ve done the same excercise before and reported the results.
I guess if you didn’t mention any of the organisations the results were from there would be nothing wrong with it.
WI-FI-FUCKED says
Figures, arsenal and 1234567 besides if your looking to crack any WPA in the united states try , imanidiot, god , jesus, mylordansavor, ihavenoedu, fuckliberals, domination, watistelnet , fukmiquik, ihatejews, ihateniggers, kkkalldaway, killevry1 ( if numeral opion is available)
Joe says
This was a very interesting read. Next time i’m trying to guess a password for whatever reason i’ll be sure to type in this list.
eM3rC says
Wow this is awesome.
I though I saw a post like this but the top passwords were things like sex, god, hacker, etc
Glad my passwords are a little more complicated…
Isn’t the rule of thumb to have a word/letters some #s and possibly extra characters (!,%, etc)?
Pantagruel says
rule of thumb is ok, but most users repeatedly chose a weak password just because they are afraid that they might forget a strong one. The once they consider strong are usually a permutation of name and birthday of spouse or other family members (for the singles take car brand, pet name, etc)
eM3rC says
I think that using the first letters from a phrase or group of people you know in combination with letters, numbers and special characters might be an easy to remember and secure password.
Theres also the option of a post-it note or writing it down on a piece of paper and hiding it :)
Mike Touch says
Interesting post, cheers.
Time to change my passwordsl ol
James C says
Most common password in the english speaking world is password1.
http://www.schneier.com/blog/archives/2006/12/realworld_passw.html
http://blog.washingtonpost.com/securityfix/2007/01/myspace_phishers_hook_hundreds.html
Prospero says
I’m pleased to see that alot caught the number 1 most common password’s “Nearly 4 in 1000 mistake” My question is, which part is wrong? Is it nearly 4/10ths of 1% or nearly 4%, if it is the former, then does that mean all of them are off by one decimal place, I say this because if you add up the percentages of the top passwords, It’s hard to swallow that those passwords could account for such a large percentage, in my experience it’s hard to believe that those 10 passwords come close to accounting for almost 1 in 6 passwords. Does anyone else think this is a bit high?
Prospero