Every year, security analysts release a list of the top passwords in use. These are usually compiled from the various lists of usernames and passwords leaked in breaches, such as the Yahoo hack of 2016 (which compromised almost 1 billion accounts).
However these lists are compiled, they usually make interesting reading. This year's report is by Keeper, a company that provides software to keep your passwords safe (I'm not commenting on their services, just stating what they do).
And the top 25 are...
- 123456
- 123456789
- Qwerty
- 12345678
- 111111
- 1234567890
- 1234567
- password
- 123123
- 987654321
- Qwertyuiop
- Mynoob
- 123321
- 666666
- 18atckd2w
- 7777777
- 1q2w3e4r
- 654321
- 555555
- 3rjs1la7qe
- 1q2w3e4r5t
- 123qwe
- zxcvbnm
- 1q2w3e
Well, I think we can see where most of those come from. Apart from positions 15 and 20 (which are thought to come from fake accounts created by bots for spam purposes, with the bots programmed to use a standard password), the passwords are either easily guessable words (password, google, etc.) or patterns of keys on the keyboard (qwerty, 123456, 1q2w3e, etc.).
From a personal point of view, I find it interesting to see the passwords evolving over time, especially over the long period I've been involved in computing. While "qwerty" and "password" have always featured on the list, a decade or two ago the passwords were far more geeky: "dragon" was one of the most popular, and "ncc1701" (the code number of the Enterprise in Star Trek), "gandalf" and "batman" were always popular. Ahh, those were the days when geeks ruled the internet.
Colours have always remained popular too; "purple", "orange" and "green" still show up in lists of passwords, so just in case you want to hack a co-worker's email, ask them their favourite colour and you stand a better than average chance of guessing their password.
So if your password is on this list, obviously change it. Choose something personal, then stick random capitals and some numbers in it somewhere, and it should be pretty safe. If you stick with something obvious, you're just asking for your email account to be hacked.
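As an added example (not part of the original post), here is the kind of check a sign-up form can run so that nobody gets to keep a password like the ones above: it refuses anything on the list quoted in the post (plus the older favourites and colours the post names) and anything that is just a walk along a keyboard row. The keyboard rows, the four-key threshold and the function names are my assumptions, not something from Keeper's report.

```python
from typing import Optional

# Deny list built from the Keeper top-25 as quoted in the post (24 entries
# survive on the page) plus the older favourites and colours it names.
# Matching is case-insensitive, since "Qwerty" is no stronger than "qwerty".
TOP_PASSWORDS = frozenset(p.lower() for p in [
    "123456", "123456789", "Qwerty", "12345678", "111111", "1234567890",
    "1234567", "password", "123123", "987654321", "Qwertyuiop", "Mynoob",
    "123321", "666666", "18atckd2w", "7777777", "1q2w3e4r", "654321",
    "555555", "3rjs1la7qe", "1q2w3e4r5t", "123qwe", "zxcvbnm", "1q2w3e",
    "google", "dragon", "ncc1701", "gandalf", "batman",
    "purple", "orange", "green",
])

# Rows of a US QWERTY keyboard (assumed layout). Walks along a row, forwards
# or backwards, are the "patterns of keys on the keyboard" the post describes.
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")

def _row_walk(s: str, min_run: int = 4) -> bool:
    """True if s contains min_run or more adjacent keys from one row."""
    for row in KEYBOARD_ROWS:
        for i in range(len(row) - min_run + 1):
            run = row[i:i + min_run]
            if run in s or run[::-1] in s:
                return True
    return False

def _interleaved_walk(s: str) -> bool:
    """Detect the digit/letter alternation of 1q2w3e-style patterns."""
    pairs = "".join(d + q for d, q in zip("1234567890", "qwertyuiop"))
    return any(pairs[i:i + 6] in s for i in range(0, len(pairs) - 5, 2))

def reject_reason(password: str) -> Optional[str]:
    """Return why a candidate password should be refused, or None if it passes."""
    p = password.lower()
    if p in TOP_PASSWORDS:
        return "on the common-passwords list"
    if len(set(p)) <= 1:
        return "empty or single repeated character"
    if _row_walk(p) or _interleaved_walk(p):
        return "keyboard pattern"
    return None

if __name__ == "__main__":
    for candidate in ("Qwerty", "88888888", "1q2w3e4r5t6y", "purple",
                      "correct horse battery staple"):
        print(f"{candidate!r}: {reject_reason(candidate) or 'accepted'}")
```

Note that "1q2w3e4r5t6y" and "987654" are not on the quoted list but are still refused, because the row-walk checks catch the pattern rather than the exact string.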