Originally published at: Here are the 200 most common passwords | Boing Boing
…
Obligs:
I assume ‘col123456’ is a default password for some IoT device and most purchasers never reset it.
Hmm. Wonder what’s the thinking behind some of these?
Like #53, 9136668099. The “666” seems obvious, but what about the rest?
What the hell kinds of sites and services even allow people to choose such flimsy passwords? I got sites forcing me to put an ampersand in there.
Phone number? 913 is an area code for a large chunk of Kansas, and it looks like the prefix 666 is used in the Kansas City area.
Obligatory Hackers scene:
No 8675309? Maybe that’s too old of a reference now
No 5882300? Maybe too Chicago specific
Dammit, earworm.
Even with my typo!
Just too catchy!
As useful as password managers are in increasing security, if the functionality to generate random passwords isn’t used they just become bins containing garbage passwords like these.
Some of these (like #21 D1lakiss) seem way too specific to actually be that common. I suspect they were used by a bot that had thousands of accounts (and then got hacked). Which in turn calls into question the value of this list.
Legit surprised that CorrectHorseBatteryStaple isn’t in there. Also surprised at the lack of “awef” (the thinkin’ person’s “asdf”).
What kind of sites were these passwords taken from? The password I create for my bank, and the password I create because I have to make a fucking account just to estimate out the postage on an order have completely different levels of complexity.
Lifehack for whenever you’re in a store that requires a membership card to get the sale prices and you don’t have one: use the “I forgot my card/enter phone number” option and enter 867-5309 with the local area code. It’s always in the system already.
Obligs:
Also, none of these passwords are really that common. The top one is less than 5 million, for 6 billion people who, I know everyone doesn’t have a computer, but those of us who do have dozens if not hundreds of accounts with passwords.
The interesting part of the list to me is how long it takes to crack them.
My biggest question is how are these passwords out in the open? I’m sure there are technical explanations that I don’t get but still.
The list of passwords was compiled in partnership with independent researchers specializing in research of cybersecurity incidents. They evaluated a 3TB database.
I’ve tried password managers but I’ve never really got into it. I just use a single word that is not common because it’s made up and then add an identifier from the website plus a number and special character.
I do it that way because I can’t remember anything and my wife and daughter would easily be able to get to things should something happen to me. But as long as they have access to my email and phone they will have no problems getting access to important things like my BB account because they can just reset passwords.
I have recently started using authenticator apps to replace text messages for 2 factor authentication. If I set it up for a notification I don’t even have to enter a number, just accept it on my phone. It is weird when I get a notification and I’m nowhere near that particular website. PayPal did it this morning, 3 notifications that someone was trying to log in. Someone either mistyped the login and tried a password reset or someone/bot was trying to gain access, either way, they were foiled by 2 factor.
You just wait until next month’s issue of Password Trends magazine, with a cover line:
“&&&&&&&&”
Why experts think
six &'s are enough
My favorite terrible password will always be “! QAZ2wsx”. It ticks a lot of security boxes, but if you look at a keyboard you can see that it’s designed for speed of entry, not security.
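An added example, not part of any post in the thread: a password-policy check showing why a string like the one above satisfies composition rules yet should still be rejected as a keyboard walk. The function names, the 8-character composition rule, the US QWERTY layout and the run threshold of 4 are assumptions made for illustration; the sample strings come from the thread (the keyboard one is tested without the space).

```python
import string

# US QWERTY rows, unshifted and shifted; a character's index is its key column.
ROWS = ["1234567890-=", "qwertyuiop[]", "asdfghjkl;'", "zxcvbnm,./"]
SHIFTED = ["!@#$%^&*()_+", "QWERTYUIOP{}", 'ASDFGHJKL:"', "ZXCVBNM<>?"]

# Map every character to the (row, column) of the physical key that types it,
# so that '!' and '1', or 'Q' and 'q', count as the same key.
KEY_POS = {}
for layer in (ROWS, SHIFTED):
    for r, row in enumerate(layer):
        for c, ch in enumerate(row):
            KEY_POS[ch] = (r, c)

WALK_MIN = 4  # assumed threshold: this many neighbouring keys in a row is a walk


def meets_complexity(pw):
    """Typical composition rule: 8+ chars with lower, upper, digit and symbol."""
    return (len(pw) >= 8
            and any(ch.islower() for ch in pw)
            and any(ch.isupper() for ch in pw)
            and any(ch.isdigit() for ch in pw)
            and any(ch in string.punctuation for ch in pw))


def adjacent(a, b):
    """True if b is the same key as a or a physical neighbour of it."""
    if a not in KEY_POS or b not in KEY_POS:
        return False
    (ra, ca), (rb, cb) = KEY_POS[a], KEY_POS[b]
    dr, dc = rb - ra, cb - ca
    if dr == 0:
        return abs(dc) <= 1
    if dr == 1:                 # row below is staggered to the right
        return dc in (-1, 0)
    if dr == -1:                # row above is staggered to the left
        return dc in (0, 1)
    return False


def longest_walk(pw):
    """Length of the longest run of consecutive characters on adjacent keys."""
    best = run = 1 if pw else 0
    for prev, cur in zip(pw, pw[1:]):
        run = run + 1 if adjacent(prev, cur) else 1
        best = max(best, run)
    return best


def assess(pw):
    return {"complexity_ok": meets_complexity(pw),
            "keyboard_walk": longest_walk(pw) >= WALK_MIN}
```

A policy that rejects any password where `keyboard_walk` is true catches the two-column pattern even though `complexity_ok` is also true for it.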