If you think you’re being clever by basing your password on the site you’re visiting or adding a zero to the end of 123456789, you’re not. A new list of the 25 worst passwords, culled from public dumps of passwords stolen in data breaches, shows that these are some of the least useful passwords you can come up with. The good news is that “password” is no longer the most popular bad password. The bad news is that the new loser is even worse.
The most often-used password found in public password dumps in 2013 was “123456”, about as far as you can get away from being a complex password. The list, complied by SplashData, shows that “password”, which had been the most popular bad password for several years, feel to number two, while several variations of consecutive digits were also found in the top 10. The list reads like a primer on how to devise miserable passwords guaranteed to fall to a brute-force attack.
One of the major contributors to the database of publicly available user passwords was the Adobe data breach, which affected nearly three million users. A number of the passwords found in the top 25 list are clearly related to Adobe accounts, including “photoshop” and “adobe123”. The Adobe password list also contains a sad litany of lazy, simple passwords. For example:
These passwords violate pretty much every generally accepted piece of advice experts give about constructing strong passwords. No capital letters, no special characters, consecutive digits, etc. In short, these are the passwords that attackers hope for when they are trying to compromise a user’s account. And, unfortunately, it’s often what they get.