Security

Here Are the Most Common Passwords, Ranked

It’s difficult to navigate through this confusing, technological age. But luckily, some of it is pretty straightforward. When it comes to passwords, most websites — if they’re reliable — will call for certain requirements. Perhaps a minimum set of characters. At least one uppercase letter. Sometimes, they ask for one special character, like a dash or period. Before reading about which passwords not to use, activate Applock so you’ll be ready to protect your most sensitive apps with a very secure second password:

Website administrators invested in the cybersecurity of their users have tried to make some standards blatantly obvious. For example, if you’re trying to create a secure password, don’t use the word “password.” Please don’t use the word “google.” And please, do not type “7” seven times in a row, because it never works out in the end.

Still, the most popular passwords of the last few years haven’t changed much.

This now means that because the average password-creating user — in spite of presumably being versed in the basics of cybersecurity — isn’t inclined to maximize his protection on his own, site operators may have to step it up. Keeper Security released a study on the most common passwords of 2016, gathering data from 10 million password-protected accounts breached in the past year. The top twenty five most frequently used passwords accounted for 50% of the 10 million cases studied, displayed below.

Top Ranking Passwords

123456
123456789
qwerty
12345678
111111
1234567890
1234567
password
123123
987654321
qwertyuiop
mynoob
123321
666666
18atcskd2w
7777777
1q2w3e4r
654321
555555
3rjs1la7qe
google
1q2w3e4r5t
123qwe
zxcvbnm
1q2w3e

The password “123456” accounted for about 17% of the compromised passwords evaluated by Keeper. Similarly, other fairly predictable number sequences like “987654321” and “666666” made it onto the list — their predictability lying in the arrangement of keys on the keyboard and matching the number of characters to the number given, respectively. Letter sequences such as “qwerty” were also decipherable by hackers who were familiar with keyboard layouts. In addition, full words like “google” were fair game for hackers trying to gain access to Gmail accounts.

Seemingly random passwords like “3rjs1la7qe” were attributed to bots attempting to send spam emails. These were made vulnerable by the mere principle of repetition; as bots used these passwords over and over again, hackers caught on.

Human beings, known for their surprises, also managed to get “mynoob” onto the most common passwords list — proving that there are still mysteries in the world.

PSafe Newsroom

The dfndr blog is an informative channel that presents exclusive content on security and privacy in the mobile and business world, with tips to keep users protected. Populated by a select group of expert reporters, the channel has a partnership with dfndr lab's security team. Together they bring you, first-notice news about attacks, scams, internet vulnerabilities, malware and everything affecting cybersecurity.