• Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Home
  • About Darknet
  • Hacking Tools
  • Popular Posts
  • Darknet Archives
  • Contact Darknet
    • Advertise
    • Submit a Tool
Darknet – Hacking Tools, Hacker News & Cyber Security

Darknet - Hacking Tools, Hacker News & Cyber Security

Darknet is your best source for the latest hacking tools, hacker news, cyber security best practices, ethical hacking & pen-testing.

The 25 Worst Passwords Of 2013 – “password” Is Not #1

January 22, 2014

Views: 5,415

The worst passwords of 2013 – really, more like the most common. The majority come from the massive Adobe leak, which contributed over 40 million passwords and skewed the data a fair bit pushing “photoshop” and “adobe123” into the list.

Most of them are no surprise though, we published the top 10 most common passwords back in 2006, and although it’s rather UK-centric, it did contain “password”, “123”, “123456”, “letmein”, “qwerty” and for some reason both the old list and this one contain “monkey”.

“123456” is finally getting some time in the spotlight as the world’s worst password, after spending years in the shadow of “password.” Security firm Splashdata, which every year compiles a list of the most common stolen passwords, found that “123456” moved into the number one slot in 2013. Previously, “password” had dominated the rankings.

The change in leadership is largely thanks to Adobe, whose major security breach in October affected upwards of 48 million users. A list of passwords from the Adobe breach had “123456” on top, followed by “123456789” and “password.” The magnitude of the breach had a major impact on Splashdata’s results, explaining why “photoshop” and “adobe123” worked their way onto this year’s list.

Fans of “password” could reasonably petition for an asterisk, however, given that the stolen Adobe passwords included close to 100 million test accounts and inactive accounts. Counting those passwords on the list is kind of like setting a home run record during batting practice. Don’t be surprised if “password” regains the throne in 2014.

It’s amazing to think in this day and age, with the amount of news coverage about hacking that people still use such simplistic passwords. Especially when they are dealing with accounts that have billing information/credit card details.

Plus the proliferation of fairly easy to use password generators and storage tools (KeePass/LastPass/PassPack/1Password etc). I’ve been trying a few of them out lately, and I’m favouring Passpack – although it changed hands lately and development has slowed down for a while.

Weaker passwords are more susceptible to brute-force attacks, where hackers attempt to access accounts through rapid guessing. And when encrypted passwords are stolen, weaker ones are the first to fall to increasingly sophisticated cracking software.

As always, Splashdata suggests avoiding common words and phrases, and says that replacing letters with similar-looking numbers (such as “3” instead of “E) is not an effective strategy. Instead, consider using phrases of random words separated by spaces or underscores, and using different passwords, at least for your most sensitive accounts. Password management programs such as LastPass, KeePass and Splashdata’s own SplashID can also help, as you only have to remember a single master password.

Here are the passwords:

1. 123456
2. password
3. 12345678
4. qwerty
5. abc123
6. 123456789
7. 111111
8. 1234567
9. iloveyou
10. adobe123
11. 123123
12. admin
13. 1234567890
14. letmein
15. photoshop
16. 1234
17. monkey
18. shadow
19. sunshine
20. 12345
21. password1
22. princess
23. azerty
24. trustno1
25. 000000

Source: Network World

Share96
Tweet42
Share8
Buffer
WhatsApp
Email
146 Shares

Filed Under: Password Cracking Tools, Privacy, Web Hacking Tagged With: common-passwords, password-security, password-strength, passwords, weak-passwords



Reader Interactions

Comments

  1. mick says

    January 24, 2014 at 8:37 am

    In all fairness though, how many of these are used to access accounts that ACTUALLY matter to these people? I’m guilty of using 123456 and qwerty on sites that FORCE me to sign up to view/download/consume content.

    I think a better study would be to only include accounts that have financial and/or private/sensitive information (such as CC#’s, SS#’s, email, other password access etc).

    • Darknet says

      January 24, 2014 at 2:01 pm

      That’s true mick, but that’s why I suggest using something like Passpack – you can use secure (and more importantly, different) passwords for every site. Which, even if a breach does occur, reduces your risk surface dramatically.

      • mick says

        January 26, 2014 at 6:59 am

        Ahh, of course. For sites that matter. Again, if I’m told to sign up to a website to download some crappy software that I don’t really need or to read some forum post that I can’t see without registration, I always use a secondary email address and a shitty password.

        However, if it’s something that’s actually important to me, I always choose unique passwords per site and depending on what it is, I’ll store it in a password DB.

        • Darknet says

          January 27, 2014 at 1:21 pm

          Yah, I do that too – the main problem is people use the same or a variation of the same password for all sites (if they matter or not). People reading this site are generally already a step ahead of the curve ;)

Primary Sidebar

Search Darknet

  • Email
  • Facebook
  • LinkedIn
  • RSS
  • Twitter

Advertise on Darknet

Latest Posts

AgentSmith HIDS - Host Based Intrusion Detection

AgentSmith HIDS – Host Based Intrusion Detection

padre - Padding Oracle Attack Tool

padre – Padding Oracle Attack Exploiter Tool

Privacy Implications of Web 3.0 and Darknets

Privacy Implications of Web 3.0 and Darknets

DataSurgeon - Extract Sensitive Information (PII) From Logs

DataSurgeon – Extract Sensitive Information (PII) From Logs

Pwnagotchi - Maximize Crackable WPA Material For Bettercap

Pwnagotchi – Maximize Crackable WPA Key Material For Bettercap

HardCIDR - Network CIDR and Range Discovery Tool

HardCIDR – Network CIDR and Range Discovery Tool

Topics

  • Advertorial (28)
  • Apple (46)
  • Countermeasures (225)
  • Cryptography (82)
  • Database Hacking (89)
  • Events/Cons (7)
  • Exploits/Vulnerabilities (430)
  • Forensics (64)
  • Hacker Culture (8)
  • Hacking News (228)
  • Hacking Tools (681)
  • Hardware Hacking (82)
  • Legal Issues (179)
  • Linux Hacking (72)
  • Malware (238)
  • Networking Hacking Tools (352)
  • Password Cracking Tools (104)
  • Phishing (41)
  • Privacy (218)
  • Secure Coding (118)
  • Security Software (233)
  • Site News (51)
    • Authors (6)
  • Social Engineering (37)
  • Spammers & Scammers (76)
  • Stupid E-mails (6)
  • Telecomms Hacking (6)
  • UNIX Hacking (6)
  • Virology (6)
  • Web Hacking (384)
  • Windows Hacking (169)
  • Wireless Hacking (45)

Security Blogs

  • Dancho Danchev
  • F-Secure Weblog
  • Google Online Security
  • Graham Cluley
  • Internet Storm Center
  • Krebs on Security
  • Schneier on Security
  • TaoSecurity
  • Troy Hunt

Security Links

  • Exploits Database
  • Linux Security
  • Register – Security
  • SANS
  • Sec Lists
  • US CERT

Footer

Most Viewed Posts

  • Brutus Password Cracker – Download brutus-aet2.zip AET2 (2,181,885)
  • Darknet – Hacking Tools, Hacker News & Cyber Security (2,172,351)
  • Top 15 Security Utilities & Download Hacking Tools (2,095,358)
  • 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) (1,198,681)
  • Password List Download Best Word List – Most Common Passwords (931,843)
  • wwwhack 1.9 – wwwhack19.zip Web Hacking Software Free Download (774,475)
  • Hack Tools/Exploits (672,591)
  • Wep0ff – Wireless WEP Key Cracker Tool (528,859)

Search

Recent Posts

  • AgentSmith HIDS – Host Based Intrusion Detection August 31, 2023
  • padre – Padding Oracle Attack Exploiter Tool May 28, 2023
  • Privacy Implications of Web 3.0 and Darknets March 31, 2023
  • DataSurgeon – Extract Sensitive Information (PII) From Logs March 21, 2023
  • Pwnagotchi – Maximize Crackable WPA Key Material For Bettercap February 12, 2023
  • HardCIDR – Network CIDR and Range Discovery Tool December 29, 2022

Tags

apple botnets computer-security darknet Database Hacking ddos dos exploits fuzzing google hacking-networks hacking-websites hacking-windows hacking tool Information-Security information gathering Legal Issues malware microsoft network-security Network Hacking Password Cracking pen-testing penetration-testing Phishing Privacy Python scammers Security Security Software spam spammers sql-injection trojan trojans virus viruses vulnerabilities web-application-security web-security windows windows-security Windows Hacking worms XSS

Copyright © 1999–2023 Darknet All Rights Reserved · Privacy Policy