The Top 10 Most Common Passwords

A pretty interesting article that statistically measured the frequency of passwords by taking an aggregate sample of passwords (primarily from the UK).

Here are listed the most commonly occurring from the sample.

10. ‘thomas’ (0.99%)

First off, at number 10, is the most common format of passwords – the name. Thomas is a perennially popular name in the UK (2nd most popular in 2000), so it is perhaps no surprise that it makes the top 10, with nearly 1 in 1,000 people opting for this ubiquitous forename as their password.

We can only guess that there are a lot of fans of Thomas Jefferson or Thomas Edison out there! The high prevalence of Christian names only further reinforces the fact that loved ones are a common choice when it comes to passwords.

9. ‘arsenal’ (1.11%)

Football teams tend to be another popular choice, and the gunners fall in 9th place. This may or may not be reflective of the fact that the word ‘arsenal’ starts with a 4-letter swear word – another popular choice when it comes to passwords.

Arsenal are ranked 6th overall in average attendance rankings, and are the 2nd most popular football-related password.

8. ‘monkey’ (1.33%)

Quite why the monkey makes it into 8th place is beyond me, but the fact that it’s a 6-letter word (6 letters is a typical minimum length for passwords), is easily typed and is memorable probably helps cement its position as ideal password material.

Still, it’s quite worrying that there’s such a trend – perhaps the internet and monkeys are inextricably linked?

7. ‘charlie’ (1.39%)

Another name – nowhere near as common a name as No. 10, Thomas, but it’s our most popular name-based password overall.

Could of course, be a homage to a number of famous Charlies – Chaplin, Sheen, or those of a Chocolate Factory persuasion. Or, of course, it could just be the case that they’re referring to it’s slang usage.

6. ‘qwerty’ (1.41%)

I wonder where the inspiration for this one came from? Perhaps when faced with a blinking cursor and an instruction to choose a password people will tend to look to the things closest to them – which would explain why 1 in 700 people choose ‘qwerty’ as their password.

5. ‘123456’ (1.63%)

Can you count to 6? It’s the most common minimum required length of password – and the 5th most common password.

4. ‘letmein’ (1.76%)

A modern-day version of ‘open sesame’ – and 1 person in 560 will type ‘letmein’ as their password. Quite why is beyond me.

I could be mistaken, but I have a hunch that ‘letmein’ has been featured in a movie or TV series – Fox Mulder’s password from the X Files – ‘trustno1’ – also ranked quite highly.

3. ‘liverpool’ (1.82%)

The most popular football team by some margin, Liverpool was the third most popular password overall. Does this mean that 1 in 550 people is such a devout Liverpool fan that they would be willing to entrust private data to the team they love?

Liverpool ranked 3rd in the average attendance ratings – leaving the 2 most popular teams, Manchester United and Newcastle United, out of the top 10 list – perhaps because they’re too long and difficult to type.

2. ‘password’ (3.780%)

Akin to pressing the ‘any’ key, when told to enter a ‘password’, it would seem that users aren’t the sharpest tool in the box – with almost 1 in 250 people choosing the word ‘password’.

1. ‘123’ (3.784%)

With nearly 4 people in 1,000 opting for a simple numerical sequence as their password (it should be noted that there was no lower length limit specified), ‘123’ must be the first thing a lot of people think of when asked to specify a password. One dreads to think what their PIN number might be!

Source: Modern Life is Rubbish

Posted in: Hacking News

, , , , , ,

Latest Posts:

Socialscan - Command-Line Tool To Check For Email And Social Media Username Usage Socialscan – Command-Line Tool To Check For Email And Social Media Username Usage
socialscan is an accurate command-line tool to check For email and social media username usage on online platforms, given an email address or username,
CFRipper - CloudFormation Security Scanning & Audit Tool CFRipper – CloudFormation Security Scanning & Audit Tool
CFRipper is a Python-based Library and CLI security analyzer that functions as an AWS CloudFormation security scanning and audit tool
CredNinja - Test Credential Validity of Dumped Credentials or Hashes CredNinja – Test Credential Validity of Dumped Credentials or Hashes
CredNinja is a tool to quickly test credential validity of dumped credentials (or hashes) across an entire network or domain very efficiently.
assetfinder - Find Related Domains and Subdomains assetfinder – Find Related Domains and Subdomains
assetfinder is a Go-based tool to find related domains and subdomains that are related to a given domain from a variety of sources including Facebook and more.
Karkinos - Beginner Friendly Penetration Testing Tool Karkinos – Beginner Friendly Penetration Testing Tool
Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a 'Swiss Army Knife' for pen-testing and/or hacking CTF's.
Aclpwn.Py - Exploit ACL Based Privilege Escalation Paths in Active Directory Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths.

17 Responses to The Top 10 Most Common Passwords

  1. clarence June 5, 2006 at 7:47 am #

    nice one..

  2. rik June 5, 2006 at 8:00 am #

    ‘123’ (3.784%)
    With nearly 4 people in 1,000 opting for a simple numerical sequence

    Sorry to be pedantic (I know it’s quoted from the source), but 3.7% is nearly 4 in 100 people, not 1000.

  3. backbone June 5, 2006 at 9:19 am #

    it’s seem’s quite imposibile to me that 4 in 100 people (as rik said) choose 123 as a password

  4. rik June 5, 2006 at 10:21 am #

    Just re-read the article, I was wrong! It’s ‰ (a tenth of %) not %. So it *is* 4 in 1000 people!

  5. Tan Yee Wei June 5, 2006 at 11:46 am #

    Interesting article. Incidentally, I have a friend who uses the ‘123’ string for naming unimportant documents he sends to me.

    And as his nickname when playing games at cyber cafes.

  6. Navaho Gunleg June 14, 2006 at 4:09 pm #

    I wonder how do they come up with these results? I’d fill in ‘123’ on any survey asking for my password, too…

  7. Darknet June 14, 2006 at 4:18 pm #

    By cracking them usually and graphing the results.

  8. Navaho Gunleg June 14, 2006 at 5:11 pm #

    Ah I see — the article didn’t mention any of that.

    But isn’t that illegal? ;)

  9. Darknet June 14, 2006 at 5:36 pm #

    Not during a pen-test, it’s part of the job, I’ve done the same excercise before and reported the results.

    I guess if you didn’t mention any of the organisations the results were from there would be nothing wrong with it.

  10. WI-FI-FUCKED October 15, 2006 at 5:10 am #

    Figures, arsenal and 1234567 besides if your looking to crack any WPA in the united states try , imanidiot, god , jesus, mylordansavor, ihavenoedu, fuckliberals, domination, watistelnet , fukmiquik, ihatejews, ihateniggers, kkkalldaway, killevry1 ( if numeral opion is available)

  11. Joe February 7, 2008 at 5:33 pm #

    This was a very interesting read. Next time i’m trying to guess a password for whatever reason i’ll be sure to type in this list.

  12. eM3rC February 8, 2008 at 3:36 am #

    Wow this is awesome.
    I though I saw a post like this but the top passwords were things like sex, god, hacker, etc

    Glad my passwords are a little more complicated…

    Isn’t the rule of thumb to have a word/letters some #s and possibly extra characters (!,%, etc)?

  13. Pantagruel February 8, 2008 at 1:05 pm #

    rule of thumb is ok, but most users repeatedly chose a weak password just because they are afraid that they might forget a strong one. The once they consider strong are usually a permutation of name and birthday of spouse or other family members (for the singles take car brand, pet name, etc)

  14. eM3rC February 9, 2008 at 8:31 am #

    I think that using the first letters from a phrase or group of people you know in combination with letters, numbers and special characters might be an easy to remember and secure password.

    Theres also the option of a post-it note or writing it down on a piece of paper and hiding it :)

  15. Mike Touch April 7, 2008 at 4:39 pm #

    Interesting post, cheers.
    Time to change my passwordsl ol

  16. James C April 7, 2008 at 4:53 pm #

    Most common password in the english speaking world is password1.

  17. Prospero April 26, 2008 at 9:04 am #

    I’m pleased to see that alot caught the number 1 most common password’s “Nearly 4 in 1000 mistake” My question is, which part is wrong? Is it nearly 4/10ths of 1% or nearly 4%, if it is the former, then does that mean all of them are off by one decimal place, I say this because if you add up the percentages of the top passwords, It’s hard to swallow that those passwords could account for such a large percentage, in my experience it’s hard to believe that those 10 passwords come close to accounting for almost 1 in 6 passwords. Does anyone else think this is a bit high?