Three Most Commonly Used Passwords
January 23, 2010 by pcl
PHREAK: Alright, what are the three most commonly used passwords?
JOEY: love, secret, and uh, sex. But not in that order, necessarily, right?
CEREAL: Yeah but don’t forget GOD. System operators love to use GOD. It’s that whole male ego thing.
Analyses of various password leaks:
- 32 million RockYou passwords (December 2009)
- 47,380 phished MySpace passwords (2006), 28,644 phpBB.com mailing list passwords (January 2009), and 40,758 singles.org passwords (February 2009)
- 10,000 phished Hotmail passwords (October 2009)
- 8,000 Comcast passwords (March 2009)
I think it is interesting that as bad as the passwords in Hackers seem, the passwords people actually use are somehow even worse. Where it’s allowed, 123456 always takes the number one spot, usually by a huge margin; in the RockYou leak, 123456 was used 4x more than its closest competitor (12345). When purely numeric passwords are forbidden, password is the clear winner, and continues to take the number one spot as requirements are added.
Require a capital letter? Password
Number? password1
Both? Password1
The top three I’d try, without knowing the requirements:
- 123456
- password
- password1
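The progression above (password, Password, password1, Password1) shows why character-class requirements alone do not screen these out: each rule is met by the same base word. The Python sketch below is an added example, not from the original post. It compares a composition-only check with one that also consults a blocklist after undoing capitalisation and trailing digits; the function names, the tiny blocklist (seeded only with passwords named on this page) and the sample passphrase are constructed for illustration.

```python
import re

# Constructed blocklist seeded with passwords named in the post; a real
# deployment would load a far larger list of breached passwords.
COMMON = {"123456", "12345", "password", "password1"}


def meets_composition(pw, need_upper=False, need_digit=False, allow_numeric=True):
    """Character-class rules only, the kind of requirement the post describes."""
    if not allow_numeric and pw.isdigit():
        return False
    if need_upper and not any(c.isupper() for c in pw):
        return False
    if need_digit and not any(c.isdigit() for c in pw):
        return False
    return True


def base_word(pw):
    """Undo the cheapest ways of satisfying composition rules:
    capitalisation plus digits or symbols tacked onto the end."""
    return re.sub(r"[\d\W_]+$", "", pw.lower())


def is_common(pw):
    """True if the password, or its normalised base word, is blocklisted."""
    return pw.lower() in COMMON or base_word(pw) in COMMON


def accept(pw, **rules):
    """Composition rules AND the normalised blocklist check."""
    return meets_composition(pw, **rules) and not is_common(pw)


if __name__ == "__main__":
    strict = dict(need_upper=True, need_digit=True, allow_numeric=False)
    # The last entry is a constructed passphrase, included as a passing case.
    for candidate in ["123456", "password", "Password1", "Tr4ctor-lamp-Quilt"]:
        print(f"{candidate!r}: composition-only={meets_composition(candidate, **strict)} "
              f"with-blocklist={accept(candidate, **strict)}")
```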
Stealing Passwords
January 22, 2010 by pcl
All of the recent stories about high-profile sites storing passwords in plain text make me feel a little bad for picking on people using unsalted MD5 hashes. At least they tried!
