Mark Burnett has compiled a list of the 10,000 passwords that are used in over 90% of cases. These include ‘password’, ‘123456’, ‘12345678’, ‘1234’, ‘qwerty’, ‘12345’ and even ‘letmein’.
A security breach of an internet gaming site led to the publication of 32 million passwords on the internet. No personal information was given but the list of passwords proved very interesting. A study by Imperva showed the following:
30% of passwords were 6 characters or less
60% contained a limited set of alpha-numeric characters.
50% of passwords were names, slang words, dictionary words, consecutive digits, or adjacent keyboard keys.
The most common password among Rockyou.com account owners was “123456”, the 4th most popular was “password”.
Using a password on this list makes you very vulnerable to intelligent guessing – the first attempts are based on the most likely passwords, so obvious ones are tried first. The attacker will also try known passwords for the same username found elsewhere, and will then move on to other dictionary words and names.
It is worth noting that many of the passwords on the list seem quite good at first – they use a mixture of characters, but are in fact quite common. Examples include: zxcvbnm1, xytfu7, 1x2zkg8w, 1q2w3e4r and even 1q2w3e4r5t – a 10 character password that seems quite strong.
By making your password longer and not from a commonly used list you force the hacker into Brute Force guessing – here a systematic guessing process will take place based on character combinations of increasing length. It is likely to start with lowercase and numbers as these are the most likely to be used.
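The checks described above can be applied when a password is chosen. The following is an added example, not code from the original article: it screens a candidate against a common-password list, the "6 characters or less" length bucket, and keyboard-adjacency runs such as 1q2w3e4r5t. The list contents, thresholds and function names are assumptions made for the illustration.

```python
# COMMON is a constructed sample holding only the passwords quoted in the
# article; a real check would load a full common-password list.
COMMON = {"password", "123456", "12345678", "1234", "qwerty", "12345", "letmein",
          "zxcvbnm1", "xytfu7", "1x2zkg8w", "1q2w3e4r", "1q2w3e4r5t"}

# QWERTY rows as a simple grid (real keyboards stagger the rows slightly).
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
KEY_POS = {ch: (r, c) for r, row in enumerate(ROWS) for c, ch in enumerate(row)}

MIN_LENGTH = 7  # assumption: reject the study's "6 characters or less" bucket
MIN_WALK = 4    # assumption: 4+ neighbouring keys in a row is a keyboard walk


def neighbours(a, b):
    """True if two different keys touch on the grid (same row, or zig-zag)."""
    return a != b and abs(a[0] - b[0]) <= 1 and abs(a[1] - b[1]) <= 1


def longest_keyboard_walk(password):
    """Length of the longest run in which each key neighbours the previous one."""
    best = run = 0
    prev = None
    for ch in password.lower():
        pos = KEY_POS.get(ch)
        if pos is None:
            run = 0                      # symbol or unknown key breaks the run
        elif prev is not None and neighbours(prev, pos):
            run += 1
        else:
            run = 1
        prev = pos
        best = max(best, run)
    return best


def assess(password, common=COMMON):
    """Return the reasons a password is an early guess (empty list = none found)."""
    reasons = []
    if password.lower() in common:
        reasons.append("on common-password list")
    if len(password) < MIN_LENGTH:
        reasons.append("6 characters or less")
    if longest_keyboard_walk(password) >= MIN_WALK:
        reasons.append("keyboard walk or consecutive digits")
    return reasons


if __name__ == "__main__":
    for pw in ("1q2w3e4r5t", "1x2zkg8w", "xytfu7", "violet-tuba-lantern"):
        print(pw, assess(pw) or "no findings")
```

Passwords such as 1x2zkg8w and xytfu7 show no keyboard pattern, so only the list lookup catches them; pattern checks complement the list rather than replace it.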
See the ‘password padding’ article to find out how to mix easy to remember with hard to crack.
Try out our ‘Password Assessor’ and find out if your password is on the list.