WEB | HAX | SEO

navigation

recently

other links

Top 10 Most Common Passwords 26th May, 2006 — Stuart Brown

Users: Strong passwords? No thanks!

Life these days has become largely dependent on passwords - whether we're checking our emails, transferring funds or shopping online, passwords have their part to play. We're constantly bombarded with horror stories of security breaches, fraud, and phishing sites. Users are consistently told that a strong password is essential these days to protect private data. Why is it, then, that users on websites opt for the same, consistent, insecure passwords time after time?

Taking an aggregate sample of passwords (primarily from the UK), we take a look at the most commonly occurring. If you spot your own password listed - it might just be time for a change!

10. 'thomas' (0.99‰)

First off, at number 10, is the most common format of passwords - the name. Thomas is a perennially popular name in the UK (2nd most popular in 2000), so it is perhaps no surprise that it makes the top 10, with nearly 1 in 1,000 people opting for this ubiquitous forename as their password.

We can only guess that there are a lot of fans of Thomas Jefferson or Thomas Edison out there! The high prevalence of Christian names only further reinforces the fact that loved ones are a common choice when it comes to passwords.

9. 'arsenal' (1.11‰)

Football teams tend to be another popular choice, and the gunners fall in 9th place. This may or may not be reflective of the fact that the word 'arsenal' starts with a 4-letter swear word - another popular choice when it comes to passwords.

Arsenal are ranked 6th overall in average attendance rankings, and are the 2nd most popular football-related password.

8. 'monkey' (1.33‰)

Quite why the monkey makes it into 8th place is beyond me, but the fact that it's a 6-letter word (6 letters is a typical minimum length for passwords), is easily typed and is memorable probably helps cement its position as ideal password material.

Still, it's quite worrying that there's such a trend - perhaps the internet and monkeys are inextricably linked?

7. 'charlie' (1.39‰)

Another name - nowhere near as common a name as No. 10, Thomas, but it's our most popular name-based password overall.

Could of course, be a homage to a number of famous Charlies - Chaplin, Sheen, or those of a Chocolate Factory persuasion. Or, of course, it could just be the case that they're referring to it's slang usage.

6. 'qwerty' (1.41‰)

I wonder where the inspiration for this one came from? Perhaps when faced with a blinking cursor and an instruction to choose a password people will tend to look to the things closest to them - which would explain why 1 in 700 people choose 'qwerty' as their password.

5. '123456' (1.63‰)

Can you count to 6? It's the most common minimum required length of password - and the 5th most common password.

4. 'letmein' (1.76‰)

A modern-day version of 'open sesame' - and 1 person in 560 will type 'letmein' as their password. Quite why is beyond me.

I could be mistaken, but I have a hunch that 'letmein' has been featured in a movie or TV series - Fox Mulder's password from the X Files - 'trustno1' - also ranked quite highly.

3. 'liverpool' (1.82‰)

The most popular football team by some margin, Liverpool was the third most popular password overall. Does this mean that 1 in 550 people is such a devout Liverpool fan that they would be willing to entrust private data to the team they love?

Liverpool ranked 3rd in the average attendance ratings - leaving the 2 most popular teams, Manchester United and Newcastle United, out of the top 10 list - perhaps because they're too long and difficult to type.

2. 'password' (3.780‰)

Akin to pressing the 'any' key, when told to enter a 'password', it would seem that users aren't the sharpest tool in the box - with almost 1 in 250 people choosing the word 'password'.

1. '123' (3.784‰)

With nearly 4 people in 1,000 opting for a simple numerical sequence as their password (it should be noted that there was no lower length limit specified), '123' must be the first thing a lot of people think of when asked to specify a password. One dreads to think what their PIN number might be!


Conclusion

The above figures mean that 1.8% of people use one of the above passwords - and 6.5% of people share a password from the top 100 list. Although the remaining 90+% have less common (or even unique) passwords, the trends towards simplistic and guessable show that the average user cares less about choosing a strong password and more about memorability. Or in some cases, their football team.

I won't go in-depth about how to make sure you have a strong password - there are plenty of guides out there - but the above list should certainly prove a useful guide as to what sort of password to avoid.

In a day when all our private data and banking information is stored behind simple secret words and phrases, it makes sense to narrow the probability of guesswork as slim as possible.


[ Sections : home | web design & development | internet security | search engine optimisation ]