RSS
Логотип
Баннер в шапке 1
Баннер в шапке 2
2023/11/22 17:41:09

Most popular passwords

.

Content

Main article: Passwords

2023: They are hacked in less than a second. The most popular passwords of 2023

In 2023, the most common passwords in the world were "123456," "admin" and "12345678." At the same time, the leader of 2022 - "password" - was in 7th position in the ranking of the most frequently used combinations. This is stated in a report published in mid-November 2023 by the developer of the NordPass password manager.

The ranking was compiled in collaboration with independent researchers specializing in the investigation of cybersecurity incidents. Analyzed data of 4.3 TB, extracted from various publicly available sources, as well as from the darknet. In addition, approximately 6.6 TB of information stolen during cyber attacks has been studied: this is, in particular, information stolen using malware such as Redline, Vidar, Taurus, Raccoon, Azorult and Cryptbot. Malware logs include not only passwords, but also other data, including the source of the leak.

The most common passwords in the world were "123456," "admin" and "12345678"

In addition to these combinations, the top 20 most common passwords of 2023 include "123456789," "1234," "12345," "123," "Aa123456," "1234567890," "UNKNOWN," "1234567," "123123," "111111," "Password," "12345678910," "000000," "admin123," "* * * * * *" and "user." It is noted that 17 of these passwords can be hacked in less than a second, and therefore attackers can easily gain access to victims' accounts. However, it takes 17 minutes to select the UNKNOWN code.

The study says that 86% of all attacks on web applications use stolen credentials, while online accounts, emails and passwords account for about 18% of the most frequently sold information on the darknet. From 2016 to 2023, inclusive, Internet user accounts were hacked a total of about 24 billion times.[1]

2022: Most popular passwords are a123456, 123456 and 123456789

On February 10, 2023, representatives of the Russian service for intelligence of data leaks and monitoring of the DLBI darknet (Data Leakage & Breach Intelligence) announced an annual study of logins and passwords of users who have been made publicly available.

DLBI has identified the most popular logins and passwords that are publicly available. Illustration: rozetked.me.

As reported, in the year since the last study, approximately 900 million non-unique accounts (about 110 million unique) appeared in the public domain, which were analyzed. In total, starting in 2017, the service analyzed 36.4 billion non-unique or 5.47 billion unique accounts.

Sources data for annual research are various communities involved in recovering passwords from hashes (for example, hashmob.net), shadow forums and - Telegram channels, where mass leaks are laid out in the public domain. The received data are cleared of "garbage" (empty and repeated records), detected and removed automatically generated passwords, as well as data of mass automatic registrations, when accounts on a particular service that allowed a leak are started by bots.

In 2022, the study, in particular, included the following major leaks (over 15 million accounts): social networks for video dubsmash.com - 50 million records, dating service mate1.com - 27 million records, Latin American social network Taringa! - 26 million records, actor and model selection service exploretalent.com - 18 million records, online store nlstar.com network marketing company NL International - 15 million records.

At the time of the study, the password database contained:

  • 5 471 135 296 total passwords (5 362 581 573 in 2021)
  • 924 439 877 passwords containing only digits (894 691 158 in 2021)
  • 1 403 357 017 passwords containing only letters (1 380 701 190 in 2021)
  • 14,599,602 passwords containing Cyrillic letters (14,470,812 in 2021)
  • 201 792 050 passwords containing letters, numbers and special characters (195 647 440 in 2021)
  • 3 536 268 664 a password containing 8 or more characters (3 472 273 173 in 2021)
  • 907 856 723 password containing more than 10 characters (890 164 009 in 2021)
  • 1 171 584 985 passwords containing less than 7 characters (1 139 217 369 in 2021)

The top 10 most popular passwords for all leaks since 2017 have remained practically unchanged since the previous study and consist of: 123456, 123456789, qwerty123, 12345 (previously ranked 5th), qwerty (ranked 4th in 2021), qwerty1, password, 12345678, 111111 (previously ranked 10th) and 1q2w3e (ranked 9th in 2021).

At the same time, the top of the most popular passwords from leaks that took place in 2022 is significantly different. The first place is occupied by a123456, followed by 123456 (ranked 3rd in 2021), 123456789 (ranked 5th in 2021), 12345 (ranked 9th last year), 33112211, 111111, 12345678 (8th place in 2021), 1234567890, 1234567, 1q2w3e4r.

The differences between the 2022 top and the popular passwords of previous years indicate the constant simplifications of passwords invented and remembered by people. In 2022, 1 500 547 458 resource accounts were also analyzed, located in the domain zones of.RU and the RF (a year earlier -  1 483 586 769). Top Most Popular passwords of the.RU and.RF zones for the entire time amounted to: 123456, qwerty, 123456789, 12345, qwerty123, 1q2w3e, password, 12345678, 111111 and 1234567890.

The top popular passwords of the.RU and.RF zones from the leaks of 2022 consisted of: 33112211, 123456 (3 places in 2021), 1q2w3e4r, 123456789 (6th place a year earlier), qwerty (9th place in 2022), 111111, 12345 (5th place in 2021), 12345678, 123123 and 1234567890. At the same time, the top most popular Cyrillic passwords for all domain zones remained unchanged. It includes: ytsuken, password, love, hello, natasha, maxim, marina, love, andrey and christina.

The most popular names (the left side of the e-mail address acting as a login) around the world in 2022 were: info, admin, office, mail, contact, sales, adam, webmaster, john, david. The most popular domains (right part of e-mail of the address acting as the login) became gmail.com, yahoo.com, hotmail.com, mail.ru, rambler.ru, yandex.ru, qq.com, ya.ru, aol.com and bk.ru.

File:Aquote1.png
Changing the tops of the passwords used suggests that, despite the attacks hackers efforts of manufacturers, ON user passwords remain dangerously simple for the most part. Almost a billion passwords contain only numbers, and the world top is led by variations of 12345.

noted Ashot Hovhannisyan, founder of DLBI service
File:Aquote2.png

2021

Leaders: 123456, 123456789 and qwerty123

On January 21, 2022, the results of a study of the most popular passwords in 2021 conducted by the DLBI data leak intelligence and darknet monitoring service became known.

As part of a study conducted since 2017, a total of 35.5 billion login-password pairs were analyzed, of which 5.36 billion were unique. According to the results of 2021, more than 250 million new login-password pairs were allocated, which had not previously been found in any leaks.

The data sources for the study were communities of enthusiasts involved in recovering passwords from hashes, such as, for example, hashmob.net, as well as shadow forums, where mass leaks are made publicly available. This data was cleared of "garbage" (empty and repeated records), as well as automatically generated bot credentials.

The study, in particular, included such large leaks as data from users of the P2P network for the exchange files of imesh.com (44 million entries), Chinese the literary resource readnovel.com (42 million entries), Russian the service of anonymous questions and answers of sprashivai.ru (25 million entries), the online community of writers and readers of wattpad.com (23 million entries), as well as the service for creating online quizzes dailyquiz.me (22 million entries).

At the time of the study, the database contained:

  • Password 5 362 581 573 total (+ 5% vs 2020)
  • 894 691 158 passwords containing only digits (+ 5, 5% compared to 2020)
  • 1 380 701 190 passwords containing only letters (+ 3.3% compared to 2020)
  • 14,470,812 passwords containing Cyrillic characters (+ 8.14% compared to 2020)
  • 195 647 440 passwords containing letters, numbers and special characters (+ 14.25% compared to 2020)
  • 1 139 217 369 passwords of 7 or less characters (+ 4.4% compared to 2020)
  • 3 472 273 173 passwords of 8 or more characters (+ 5.2% compared to 2020)
  • 890 164 009 passwords with more than 10 characters (+ 5.9% compared to 2020)

Among the most popular passwords for the entire study period: 123456, 123456789, qwerty123 (previously in 7th place), qwerty (previously in 3rd place), 12345 (previously in 4th place), qwerty1, password (previously in 5th place), 12345678 (previously in 6th place), 1q2w3e (previously in 8th place), 111111 (previously in 9th place).

And this is how the ten most popular passwords from the leaks of 2021 look like: qwerty123, qwerty1, 123456 (ranked first in 2020), a11111, 123456789 (formerly ranked 2nd), 111111 (formerly ranked 3rd), 112233, 12345678 (ranked 5th in 2020), 12345 (formerly ranked 7th) and 000000 (formerly ranked 9th).

As part of this study, passwords for accounts domain in zones .RU and in RF which the corresponding addresses were used as logins were separately analyzed for the first time. email In total, 1 483 586 769 accounts were processed, and the list of the most popular passwords was: 123456, qwerty, 123456789, 12345, qwerty123, 1q2w3e, password, 12345678, 111111, 1234567890.

At the same time, the top passwords from 2021 leaks for Russian domain zones consisted of qwerty123, qwerty1, 123456, asdasd, 12345, 123456789, asdasd123, 12345678, qwerty and 123321.

The traditional top of the most popular Cyrillic passwords included: ytsuken, password, love (rose from 4th place), hello (in 2021, occupied 5th place), natasha (passed from 6th place), maxim (fell from 7th place), marina (rose from 9th position), I love, Andrei (occupied 10th place) and Christina.

Commenting on the results of the study, DLBI founder Ashot Hovhannisyan noted that the data obtained once again confirm that a significant part of users are quite frivolous about the passwords used, and in 2021 neither the share of complex (containing letters, numbers and special characters), nor the share of long (more than 10 characters) passwords practically did not change, remaining at 3.5% for the former and 16.5% for the latter.

File:Aquote1.png
At the same time, the possible damage from guessing passwords even for individuals increases every year. Very often, having gained access, for example, to e-mail, attackers can reset the password to the online bank or service of the Public services, trying to bypass two-factor authentication using social engineering. And this is if they have SMS confirmation at all, which is far from a rule for the same Public services, - said Ashot Hovhannisyan.
File:Aquote2.png

Also, the big problem remains that many services in which users register with their own password use weak and outdated hashing algorithms to store it, and some even store passwords in clear text, which makes it easy to access them in case of an accidental leak or hack, Ashot Hovhannisyan added.

Popular leaked passwords that refer to the names of famous superheroes

On October 4, 2021, it became known that experts, Mozilla the developer, browser Firefox analyzed base the hacked accounts of the haveibeenpwned.com and came to the conclusion that Internet passwords referring to the names of famous superheroes are often in demand by users. This was reported in the company's blog.

Illustration: www.telegrafi.com

So database merged in the passwords of the haveibeenpwned.com there are approximately 370 thousand passwords referring to Superman, more than 220 thousand are associated with Batman and 160 thousand - with Spider-Man.

Thousands more accounts around the world are protected by passwords that mention not the superheroes themselves, but the names of fictional characters who had superpowers. So the list turned out to be James Howlett (Wolverine) and the movie heroes mentioned above: Clark Kent, Bruce Wayne and Peter Parker.

File:Aquote1.png
"The password is like the keys to your apartment. In cyberspace, he acts as a guardian of your personal data. That is why it is important to ensure that passwords are resistant to hacking, "-

noted in Mozilla.
File:Aquote2.png

[2]

2020

The most popular password containing letters, numbers and special characters is 1qaz @ WSX

The most popular password containing letters, numbers and special characters is 1qaz @ WSX. This became known on March 1, 2021.

This study includes approximately 5.1 billion unique login/password pairs. The login in this case is the email address.

It should be noted that for all the time, starting with the very first study of passwords in 2017, experts analyzed 33.3 billion username/password pairs (including non-unique ones).

The sources of the analyzed data are various communities engaged in recovering passwords from hashes (for example, hashes.org and hashkiller.io) and shadow forums, where mass leaks are made publicly available.

Data is cleared of "garbage" (empty and repeated records). Using a special algorithm (filter), automatically generated passwords are detected and disqualified (those that are not set by users themselves, but by the service that leaked these same passwords), as well as mass automatic registrations (when accounts on a particular service that leaked are started by bots). Cyrillic characters are reduced to a single encoding.

For 2020, the following large leaks were noted (over 30 million login/password pairs) that fell into this study:

  • community of virtual pets neopets.com - 68 million
  • social network netlog.com - 53 million
  • online community for writers and readers wattpad.com - 48 million
  • service for posting photos fotolog.com - 42 million
  • social network livejournal.com - 33 million

The Zyfras in the list above are not the size of the leak made by a particular service, but the number of "decrypted" passwords available at the time of the study. These leaks themselves could have occurred before 2020, but only in 2020 they became publicly available.

At the time of the study in the password database:

  • 5,108,611,469 total passwords (was 4,883,711,954)
  • 848,134,618 passwords contain only digits (was 779,281,749)
  • 1,335,889,957 passwords contain only letters (was 1,275,706,800)
  • 13,381,165 passwords contain letters of the Cyrillic alphabet (was 10,972,555)
  • 171,246,021 passwords contain letters, numbers and special characters (was 159,948,243)
  • 3,300,865,676 passwords contain 8 or more characters (was 3,126,556,695)
  • 840,680,047 passwords contain more than 10 characters (was 792,123,298)
  • 1,091,415,435 passwords contain less than 7 characters (was 1,031,293,444)

Taking this data as a basis, a traditional "hit parade" of passwords and logins was compiled. Parentheses indicate the old place of the record in the top (if it fell into it earlier).

The 10 most popular passwords of all time:

  1. 123456
  2. 123456789
  3. qwerty
  4. 12345
  5. password
  6. 12345678
  7. qwerty123
  8. 1q2w3e
  9. 111111
  10. 123123


It is noted that the password "123123" appeared in 10th place, shifting the "1234567890" to 12th place.

Starting in 2021, it was decided to publish the 25 most popular passwords of all time:

  1. 1234567
  2. 1234567890
  3. 000000
  4. qwertyuiop
  5. 123321
  6. 1234
  7. abc123
  8. 654321
  9. 666666
  10. 1q2w3e4r5t
  11. 7777777
  12. password1
  13. iloveyou
  14. 555555
  15. 123


And this is how the 10 most popular passwords from leaks look like in 2020 alone:

  1. 123456
  2. 123456789
  3. 111111 (9)
  4. Password (5)
  5. 12345678 (8)
  6. 123123
  7. 12345 (3)
  8. 1234567
  9. 000000
  10. 1234567890


The 10 most popular letters-only passwords are:

  1. qwerty
  2. password
  3. qwertyuiop
  4. iloveyou (5)
  5. asdasd
  6. zxcvbnm
  7. qazwsx (8)
  8. dragon (9)
  9. asdfghjkl
  10. monkey


The password "unknown" (previously ranked 7th) was disqualified in 2021, because it fell under the filter.

10 most popular passwords containing letters, numbers and special characters:

  1. 1qaz@WSX (3)
  2. P@ssw0rd (4)
  3. p@ssw0rd (5)
  4. 1qaz!QAZ (7)
  5.  !QAZ2wsx
  6. Pa$$w0rd
  7. Password1!
  8. feder_1941
  9.  !qaz2wsx
  10. abc123!


Passwords "Aa123456." (previously 1st place), ") 4ever" (2), "123456QQAqqa_" (6), "Spiritwear_2004" (8), "wowecarts @ 123" (9) and "film @ 123" (10) were on the list of complex passwords of the 2020 rating, fell under the filter and were disqualified in 2021.

The 10 most popular Cyrillic passwords are:

  1. ytsuken (2)
  2. password (1)
  3. me
  4. love
  5. hi
  6. natasha
  7. maxim (8)
  8. love (7)
  9. marina
  10. andrey (9)


In 2021, it was decided to show the 10 most popular passwords that fell under the filter and were removed from the main ratings:

  • g_czechout
  • DEFAULT
  • 30media
  • 10pace
  • 59trick
  • 24crow
  • 59mile
  • 19weed
  • 66bob
  • )ryan


The 25 most popular passwords, one way or another related to the coronavirus and pandemic:

  1. covid19
  2. corona
  3. epidemic
  4. COVID19_Access
  5. Covid19
  6. pandemic
  7. covid-19
  8. coronavirus
  9. COVID19
  10. covid2020
  11. epidemic5
  12. Covid2020
  13. epidemic1
  14. epidemic
  15. pandemic1
  16. coronavirus1
  17. covidien
  18. covid2019
  19. Covid-19
  20. Coronavirus2020
  21. Covid2019
  22. Pandemic
  23. covid192020
  24. coronavirus19
  25. covid1984


Now as for logins (e-mail addresses).

The 10 most popular domains are:

# yahoo.com # gmail.com

  1. hotmail.com (4)

# mail.ru (3) # rambler.ru # yandex.ru

  1. ya.ru
  2. qq.com (10)
  3. aol.com (8)
  4. bk.ru (9)


The 10 most popular names are:

  1. info
  2. admin (4)
  3. office (5)
  4. mail (6)
  5. contact (7)
  6. sales (8)
  7. adam (9)
  8. webmaster
  9. john (10)
  10. chris


The names "rambler.ru" (previously 2nd place) and "mail.ru" (3) were removed from this list, because they fell under the filter[3].

Most popular 123456789, picture1 and password

After checking nearly 275.7 million passwords, NordPass published a list of the most commonly used passwords for online accounts in 2020. This became known on November 19, 2020. The first five lines were taken by combinations such as "123456789," "picture1," "password" and "12345678." The most common password was "123456," which was hacked more than 23 million times in 2020 alone.

The shorter password "12345" ranked first in 2019. But more than 188,000 users chose it in 2020, allowing it to be ranked eighth. Both passwords can be broken in less than a second.

NordPass said less than half of the passwords on the 2020 list are new. Analysts have noticed that users prefer simple passwords, because they are easier to remember. For the sake of convenience, many use obscene words, numbers, names and food to protect accounts.

Also, as a password, people often name groups, films, cartoons and other objects of pop culture. Such combinations are also considered unreliable. NordPass noted that the most popular password of 2019 was the name of the music group "onedirection." For November 2020, this combination was bypassed by passwords such as "pokemon" and "blink-182"[4] are[5].

2019

Rating of the year: 12345 - leader

NordPass[6] has published a list[7] the most common and least secure passwords. Experts used a database containing about 500 million passwords leaked in 2019 and ranked them by popularity.

The three most commonly used passwords were 12345, 123456 and 123456789, which were identified in the database a total of 6,348,704 times. These passwords are extremely unreliable and completely predictable, allowing attackers to easily hack accounts through brute force attacks.

The list of the 100 worst passwords is given below:

12345
123456
123456789
test1
password
12345678
zinch
g_czechout
asdf
qwerty
1234567890
1234567
Aa123456.
iloveyou
1234
abc123
111111
123123
dubsmash
test
princess
qwertyuiop
sunshine
BvtTest123
11111
ashley
00000
000000
password1
monkey
livetest
55555
soccer
charlie
asdfghjkl
654321
family
michael
123321
football
baseball
q1w2e3r4t5y6
nicole
jessica
purple
shadow
hannah
chocolate
michelle
daniel
maggie
qwerty123
hello
112233
jordan
tigger
666666
987654321
superman
12345678910
summer
1q2w3e4r5t
fitness
bailey
zxcvbnm
fuckyou
121212
buster
butterfly
dragon
jennifer
amanda
justin
cookie
basketball
shopping
pepper
joshua
hunter
ginger
matthew
abcd1234
taylor
samantha
whatever
andrew
1qaz2wsx3edc
thomas
jasmine
animoto
madison
0987654321
54321
flower
Password
maria
babygirl
lovely
sophie
Chegg123

Only 4.9m unique passwords found among 21m stolen accounts

On October 30, 2019, it became known that among the 21 million stolen accounts, researchers from ImmuniWeb found only 4.9 million unique passwords, indicating that many users use identical or similar passwords. Most often, simple passwords are used in the technology industry (passw0rd, 1qaz2wsx, career121, abc123 and password1), in the financial (456a33, student, old123ma, welcome and 123456) and in the sphere health care (Exigent, password, pass1, 000000 and 123456). More. here

DeviceLock studied the most popular passwords in the western segment and Runet

On April 23, 2019, it became known that DeviceLock, a Russian manufacturer of data breach systems, analyzed 3.5 billion compromised login-password pairs included in 7 collections totaling 975 GB published by hackers since the beginning of 2019.

The study highlighted the most frequent passwords in different segments. In particular, the top ten most popular passwords included: 123456, 123456789, qwerty, password, 12345, qwerty123, 1q2w3e, 12345678, 111111, 1234567890. The most popular Cyrillic passwords were: I (the only one-character password), password, ytsuken (in 2018 ranked second in the ranking), love, hello, I love, natasha, maxim, andrey, sunshine.

At the same time, the shares of weak (consisting only of letters or only numbers) and strong passwords (including numbers, letters and special characters) practically did not change and amounted to 42% and 3%, respectively. Also, the share of passwords containing less than 7 characters remained unchanged, which amounted to 20%

For the logins representing the postal addresses, the most popular services at the users who lost passwords of steel: mail.ru (in 2018 taking the 4th place), yahoo.com (leader of the rating of 2018), hotmail.com, gmail.com, rambler.ru (which rose to the 5th place from the 7th in 2018), yandex.ru, bk.ru, aol.com, qq.com and list.ru.

According to Ashot Hovhannisyan, founder and CTO of DeviceLock, the growing number of leaks as such and the use of weak passwords, in particular, suggests that, despite all the educational efforts of IT industry participants, users continue to be mainly frivolous about choosing passwords.

File:Aquote1.png
In corporate systems, where it is possible to set strict password requirements, the situation is improving. But where there is no automated control, users write exactly what is in their heads. And there "hello, love, Natasha." At the same time, hacking, for example, an online cabinet in an unimportant service allows you to subsequently quickly get to more important systems, including email or messenger.
File:Aquote2.png

Why the ji32k7au4a83 password occurs in 141 leaks

On March 7, 2019, it became known that despite the seeming reliability, the password "ji32k7au4a83" occurs in 141 leaks.

At first glance, "ji32k7au4a83" seems to be a much more reliable password compared to the popular "qwerty12345." Due to arbitrarily arranged characters, it may seem that "ji32k7au4a83" is generated by an automatic system like a password generator browser or password manager. However, this combination of characters is used as credentials data much more often than it might seem.

According to the search engine HaveIBeenPwned, which allows users to find out if their credentials are found in any leaks, "ji32k7au4a83" is contained in 141 leaked databases. The first to draw attention to this was engineer Robert Ou. Via Twitter, he reached out to users asking why the combination is so common, though at first glance it seems completely random.

File:Aquote1.png
The task: to explain why this happens and how this password can be hacked.
File:Aquote2.png

The answer turned out to be very simple - "ji32k7au4a83" is by no means a random set of characters. The fact is that in Taiwan, the Zhuin Fuhao or Bopomofo phonetic alphabet is used to learn Chinese. If you turn on the bopomofo layout on the keyboard and type "my password" in Chinese, you get "ji32k7au4a83."

This case shows that security problems can affect any language in the world, and Chinese is no exception[8]

2017 ranking: 123456 - leader

According to Bleeping Computer, experts from the California company SplashData (produces password managers, including TeamsID and Gpass) came to this conclusion based on the analysis of millions of passwords that ended up on the Web as a result of various leaks.

"123456" is a very unreliable password, but the rest in the list of the hundred worst passwords of 2017 are no better. Sports terms (football, baseball, soccer, hockey, Lakers, jordan23, golfer, Rangers, Yankees), car brands (Mercedes, Corvette, Ferrari, Harley) and expressions (iloveyou, letmein, whatever, blahblah) are very popular.

Be that as it may, the true leaders of the list of worst passwords are the names: Robert (#31), Matthew (#32), Jordan (#33), Daniel (#35), Andrew (#36), Andrea (#38), Joshua (#40), George (#48), Nicole (#53), Hunter (#54), Chelsea (#62), Phoenix (#66), Amanda (#67), Ashley (#69), Jessica (#74), Jennifer (#76), Michelle (#81), William (#86), Maggie (#92), Charlie (#95) и Martin (#96).

The first 25 passwords from the top 100 worst passwords of 2017:

1 - 123456
2 - password
3 - 12345678
4 - qwerty
5 - 12345
6 - 123456789
7 - letmein
8 - 1234567
9 - football
10 - iloveyou
11 - admin
12 - welcome
13 - monkey
14 - login
15 - abc123
16 - starwars
17 - 123123
18 - dragon
19 - passw0rd
20 - master
21 - hello
22 - freedom
23 - whatever
24 - qazwsx
25 - trustno1

2016 ranking: 123456 - leader

In January 2017, it became known that 123456 remains the most popular password in the world. This is stated in a study published by Keeper Security. According to researchers, in 2016, at least 17% of Internet users used or used this particular password in the most recent past.

The subject of the study was a total of 10 million published on the Web after various large-scale hacks. 123456 ranked first in popularity. On the second - the "more complex" password of the 123456789, on the third - the "legendary" qwerty. There are also 111111, 123123, 123321, google, 987654321 and other "complex" combinations that are selected by the "poke method."

Password 123456 remains the most popular on the Internet

Although users themselves are the first to be blamed for such disregard for the basics of security, some of the responsibility lies with site owners who do not try to introduce tougher password rules and allow easily guessed or matched combinations.

File:Aquote1.png
We can criticize the chronic inability of users to apply complex passwords. After all, it's in their own interest. However, a large share of the responsibility lies with website owners who do not introduce a policy of forced password complication even at the most basic level. This is not difficult to do, however... many don't care, the researchers say.
File:Aquote2.png

The Keeper Security publication indicates another interesting detail. The list of the most popular passwords includes combinations such as 18atcskd2w and 3rjs1la7qe. These passwords look random, but the frequency of their use shows that this is not the case.

According to the researchers, bots are serially used by these passwords to automatically register new accounts in mail services. These accounts are then used for spam and phishing.

Most likely, this means that postal service providers do not make sufficient efforts to combat bots: identical "random" passwords are a clear reason for serious suspicion. [9]

2015 ranking: 123456 - leader

SplashData presents the top most used passwords annually. The company extracts information from sources that "merge" other people's passwords to a wide variety of sites on the Internet. In 2015, SplashData analyzed 2 million different passwords, comparing the results with 2014.

The first and second lines, as in the previous year, were occupied by passwords "123456" and password. The digital set "12345678" rose to third place, displacing the simpler "12345." The famous qwerty also climbed one spot, finishing fourth.

As for "meaningful" passwords, the names of sports (football and baseball) remain just as popular. Also among the "newcomers" in the list were passwords solo and starwars, unambiguously referring to the release of the continuation of the Star Wars movie saga. They finished 23rd and 25th in the top, respectively.

2014 ranking: 123456 - leader

In September 2014, a text file with 1.26 million logins and passwords from Yandex accounts was published on the Web. The company argues that it is not the result of a hack or leak. Users calculated that the password "123456" is found in the file about 38 thousand times, "123456789" - about 13 thousand times, "111111" - about 9.5 thousand, and "qwerty" - about 7.7 thousand. Popular passwords also included "7777777," "123321," "000000," "666666," etc.

2013 ranking: 123456 takes the lead

In 2013, the word "password" ceased to be the most popular password among Internet users, said SplashData, which publishes the annual Worst Password list.

The combination of the numbers "123456" won the lead from the leader of the worst passwords of the word "password," which dropped to second place in popularity. Prior to that, "password" topped the rating for two years in a row - in 2011 and in 2012.

In third place was the combination "12345678." The top ten also includes the following passwords: "qwerty," "abc123," "123456789," "111111," "1234567," "iloveyou" and "adobe123."

The presence of the password "adobe123" in the top ten is associated with the largest leak in history, as a result of which the data of 150 million users of the developer Photoshop, Adobe Systems, were disclosed.

2012 ranking: Password is the leader

Trustwave's 2012 Global Security Report focuses on vulnerable elements in the company's information security. The authors of the report examined more than 300 incidents in 18 countries that occurred in 2011.

The report focuses on the continuing growth of cyber attacks, as well as an increase in the number of cybercriminals in the field of information security.

Most incidents arise as a result of organizational and administrative problems. The study found that 76% of violations occurred due to a security vulnerability in departments responsible for system support and development of the company.

Most of the research is devoted to the problem of using weak passwords. According to Trustwave experts, 80% of incidents occur as a result of weak passwords. Weak passwords continue to be the main vulnerability used by attackers in both large and small companies.

In fact, the use of weak and standard passwords makes it easier for hackers to penetrate information systems. Sometimes criminals do not need to use complex, thoughtful methods to hack. According to Trustwave, the most used password on the network is' Password1 '(password1). The study noted that the use of standard passwords is also inherent in working with servers, network equipment and various user devices.

In its study, Trustwave lists the most used passwords. The English word'Password 'is used in 5% of cases, and the word Welcome (greeting) in 1.3% of cases. It is also worth paying attention to the use of seasons and dates. Do not use such passwords and their options:

  • Password1
  • welcome
  • 123456
  • Winter10
  • Spring2010

Also, one of the problems is that many devices and applications are used with the original standard passwords, often giving full access rights, the study says.

2011 ranking: Password is the leader

SplashData, a company specializing in information security issues, prepared a "ranking of the 25 weakest passwords of 2011" in November 2011, based on a list of millions of real passwords stolen by hackers and published on the Internet. SplashData's "Top 25" was composed of the following:

  • password,
  • 123456,
  • 12345678,
  • qwerty,
  • abc123,
  • monkey,
  • 1234567,
  • letmein,
  • trustno1,
  • dragon,
  • baseball,
  • 111111,
  • iloveyou,
  • master,
  • sunshine,
  • ashley,
  • bailey,
  • passw0rd,
  • shadow,
  • 123123,
  • 654321,
  • superman,
  • qazwsx,
  • michael и
  • football.

So that your password does not end up in such a "list of shame," SplashData recommends inventing strong passwords containing letters, numbers and special characters, and if it is difficult for you to remember them, then you can use meaningful phrases in which spaces are replaced with a sign "_". It is not recommended to use the same password on all online services. You can also access the services of any password management system, for example, LastPass, Roboform, eWallet, SplashID or free KeePass. These systems can "remember" many passwords of any complexity for the user.

Notes