Top 500 worst passwords

David Pescovitz at 1:40 pm Fri, Jan 2, 2009

From Mark Burnett's 2005 book Perfect Passwords: Selection, Protection, Authentication, a table of the "Top 500 Worst Passwords Of All Time." (via Beschizza's Twitter)


UPDATE: As the site is down, here's the whole shebang:

NO Top 1-100 Top 101–200 Top 201–300 Top 301–400 Top 401–500
1 123456 porsche firebird prince rosebud
2 password guitar butter beach jaguar
3 12345678 chelsea united amateur great
4 1234 black turtle 7777777 cool
5 pussy diamond steelers muffin cooper
6 12345 nascar tiffany redsox 1313
7 dragon jackson zxcvbn star scorpio
8 qwerty cameron tomcat testing mountain
9 696969 654321 golf shannon madison
10 mustang computer bond007 murphy 987654
11 letmein amanda bear frank brazil
12 baseball wizard tiger hannah lauren
13 master xxxxxxxx doctor dave japan
14 michael money gateway eagle1 naked
15 football phoenix gators 11111 squirt
16 shadow mickey angel mother stars
17 monkey bailey junior nathan apple
18 abc123 knight thx1138 raiders alexis
19 pass iceman porno steve aaaa
20 fuckme tigers badboy forever bonnie
21 6969 purple debbie angela peaches
22 jordan andrea spider viper jasmine
23 harley horny melissa ou812 kevin
24 ranger dakota booger jake matt
25 iwantu aaaaaa 1212 lovers qwertyui
26 jennifer player flyers suckit danielle
27 hunter sunshine fish gregory beaver
28 fuck morgan porn buddy 4321
29 2000 starwars matrix whatever 4128
30 test boomer teens young runner
31 batman cowboys scooby nicholas swimming
32 trustno1 edward jason lucky dolphin
33 thomas charles walter helpme gordon
34 tigger girls cumshot jackie casper
35 robert booboo boston monica stupid
36 access coffee braves midnight shit
37 love xxxxxx yankee college saturn
38 buster bulldog lover baby gemini
39 1234567 ncc1701 barney cunt apples
40 soccer rabbit victor brian august
41 hockey peanut tucker mark 3333
42 killer john princess startrek canada
43 george johnny mercedes sierra blazer
44 sexy gandalf 5150 leather cumming
45 andrew spanky doggie 232323 hunting
46 charlie winter zzzzzz 4444 kitty
47 superman brandy gunner beavis rainbow
48 asshole compaq horney bigcock 112233
49 fuckyou carlos bubba happy arthur
50 dallas tennis 2112 sophie cream
51 jessica james fred ladies calvin
52 panties mike johnson naughty shaved
53 pepper brandon xxxxx giants surfer
54 1111 fender tits booty samson
55 austin anthony member blonde kelly
56 william blowme boobs fucked paul
57 daniel ferrari donald golden mine
58 golfer cookie bigdaddy 0 king
59 summer chicken bronco fire racing
60 heather maverick penis sandra 5555
61 hammer chicago voyager pookie eagle
62 yankees joseph rangers packers hentai
63 joshua diablo birdie einstein newyork
64 maggie sexsex trouble dolphins little
65 biteme hardcore white 0 redwings
66 enter 666666 topgun chevy smith
67 ashley willie bigtits winston sticky
68 thunder welcome bitches warrior cocacola
69 cowboy chris green sammy animal
70 silver panther super slut broncos
71 richard yamaha qazwsx 8675309 private
72 fucker justin magic zxcvbnm skippy
73 orange banana lakers nipples marvin
74 merlin driver rachel power blondes
75 michelle marine slayer victoria enjoy
76 corvette angels scott asdfgh girl
77 bigdog fishing 2222 vagina apollo
78 cheese david asdf toyota parker
79 matthew maddog video travis qwert
80 121212 hooters london hotdog time
81 patrick wilson 7777 paris sydney
82 martin butthead marlboro rock women
83 freedom dennis srinivas xxxx voodoo
84 ginger fucking internet extreme magnum
85 blowjob captain action redskins juice
86 nicole bigdick carter erotic abgrtyu
87 sparky chester jasper dirty 777777
88 yellow smokey monster ford dreams
89 camaro xavier teresa freddy maxwell
90 secret steven jeremy arsenal music
91 dick viking 11111111 access14 rush2112
92 falcon snoopy bill wolf russia
93 taylor blue crystal nipple scorpion
94 111111 eagles peter iloveyou rebecca
95 131313 winner pussies alex tester
96 123123 samantha cock florida mistress
97 bitch house beer eric phantom
98 hello miller rocket legend billy
99 scooter flower theman movie 6666
100 please jack oliver success albert

David Pescovitz is Boing Boing's co-editor/managing partner. He's also a research director at Institute for the Future. On Instagram, he's @pesco.


  • TEKNA2007

    rundgren@10

    rush2112 FTW!

    AAPOTSF – Attention all planets of the Solar Federation!

    change_on_install

  • Craigger1

    I’m thinking that some government agency needs to be monitoring what some of these people are doing on the Internet!

  • misshallelujah

    I’m going to have to second the question:

    Why “abgrtyu”?

    It’s pretty much the only one on the entire list for which I can’t fathom the use of, much less the easy guessing of…

  • Anonymous

    the best password is virus so that when hackers are hacking and the password displays to them they read Virus and they will be like we got an error and they keep trying lol :p

  • Anonymous

    ThunderBird@%50001

  • Anonymous

    I’ve always gone by Clifford Stoll’s (author of “The Cuckoo’s Egg”) idea for passwords: two or three short words along with a number.

    It’s easy to remember and hard to crack, especially if you use words in languages other than English and in different orders.

    Examples: oui62bub, tadquoi99, icktern153

    Any password can be broken in time by brute force (testing all possible alphanumeric passwords one by one) so these are as secure as any.

  • Anonymous

    I tend to use an 11 letter password, exchanging I’s for ones, and O’s with zero, which gives me a medium secure result. However, for real security, gibberish is best, or special characters like €…¼¥vP-kï·8â›ú£d+ËÖ™|¹¤ÙTâ¢).

  • Uncle_Max

    @38 bcsizemo: “I want to know how many people under 25 even have a clue as to what THX1138 even is? Hell I could ask most people over 30 and I bet less than 20% would have a clue.”

    I’d say it’s more than you’d think, since as Lucas’ first feature-length movie anybody who is into film/geekdom will have at least heard of it at some point. Whether or not they’ve seen it is a different story. You might have better luck using “THX-1138 4EB” as a password though, or any of the random character names.

  • notKeith

    I create excellent hard-to-break passwords by using alt+keypad combinations on my stoopid windoes computer:

    alt+0222 is Þ
    alt+0241 is ñ
    alt+0153 is ™
    alt+0169 is ©

    You g¡t thé drift…

  • Peter

    Surprised ‘swordfish’ isn’t on the list.

  • RedShirt77

    I always thought the worst one was the one taped to my screen

  • jeremedia

    This is the third time I’ve seen a link to this list, yet I’ve never seen the actual list due to the site being destroyed by the incoming traffic.

  • GeekMan

    “So the password is: ‘12345’?

    That’s the stupidest password I’ve ever heard! That’s the kind of thing an idiot puts on his luggage!”

    At least one essential thing I need to know for IT, I learned from SpaceBalls.

  • classic01

    In my experience in average the most repetitive passwords are “test”, “temp”, “asdf”. Also there were quite a few passwords that had some simple name with “123” after.

    As a Microsoft security expert once suggested. The best passwords (when the field allows it) are made of a simple and long phrase. It is easy to remember and impossible to guess.

  • lpetrazickis

    I think “abgrtyu” is a plagiarism preventer, to be able to tell when another site has stolen the list. Similarly, dictionary publishers like to add a fake word to each edition of their dictionary to make sure no one’s stealing content.

  • Zan

    Why is “0” on the list twice?

    • Anonymous

      The first one is octal the second one binary

  • Midtownhipster

    Two of my friends have these bike locks which require you to set the combo on purchase. If you don’t set it it’s 0000. And yes that is their combination because they didn’t bother to read the directions.

    http://www.amazon.com/Schwinn-12MM-Cable-Combo-Bicycle/dp/B000DZGLSW

  • Anonymous

    I’m not techy at all, but I have used those weird alphanumeric codes that you must decipher when getting a new email addy. I also use only the first letter of a foreign language phrase with a few numbers that mean something to me, thus easy to remember. They show as “strong”. I don’t live in California, but I love their license plate numbers.

  • Dewi Morgan

    #89: It’s a common myth that these forms of obfuscation are worthwhile. However, p4s5W0rD has only about 16 bits more potential randomness than the unmunged word “password”: one bit per letter for the number substitutions, and one bit per letter for the capitals. Most cracking scripts are well aware of number substitution and case shifting, so neither adds anything significant to the password. Adding three additional characters would be easier to remember and to type, and harder to crack: passwordskx, for example.

    However, as has already been said, it is all relative. 16 bits more protection is 16 bits, and if you’re not protecting something important enough to tunnel encryptedly over the wifi, and use a full passphrase, then sure, messing with case and kiboizing the text will add some small layer of protection.
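
The point in the comment above, that tooling already accounts for case changes and digit swaps, applies equally to a sign-up blocklist check. Added example (not part of the comment or the original post): it canonicalises a candidate before the lookup and counts the munged variants of one word. The substitution table and the ten-entry sample of this page's list are assumptions of the example.

```python
import math
import re
from collections import defaultdict

# Constructed sample: ten entries copied from the table on this page.
SAMPLE_BLOCKLIST = {
    "123456", "password", "12345678", "qwerty", "letmein",
    "trustno1", "thx1138", "ncc1701", "abc123", "dragon",
}

# Assumed (not exhaustive) symbol-for-letter swaps.
LEET_TABLE = {"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
              "7": "t", "@": "a", "$": "s", "!": "i"}
LEET = str.maketrans(LEET_TABLE)

# Digits and punctuation appended to the end of a base word.
TRAILING = re.compile(r"[\d\W_]+$")


def candidate_forms(password):
    """Return the canonical forms a blocklist lookup should try, in order."""
    lowered = password.lower()
    stripped = TRAILING.sub("", lowered)
    forms = [lowered, stripped, lowered.translate(LEET), stripped.translate(LEET)]
    # Drop empty strings and duplicates while keeping the order.
    return [f for f in dict.fromkeys(forms) if f]


def blocklist_reason(password, blocklist=SAMPLE_BLOCKLIST):
    """Return the matched entry if any canonical form is listed, else None."""
    for form in candidate_forms(password):
        if form in blocklist:
            return form
    return None


def munged_variant_bits(word):
    """log2 of the number of case/swap spellings of `word` under LEET_TABLE."""
    inverse = defaultdict(set)
    for symbol, letter in LEET_TABLE.items():
        inverse[letter].add(symbol)
    count = 1
    for ch in word.lower():
        options = 2 if ch.isalpha() else 1   # lower or upper case
        options += len(inverse.get(ch, ()))  # plus each swap symbol
        count *= options
    return math.log2(count)


if __name__ == "__main__":
    for pw in ("p4s5W0rD", "P@ssw0rd123", "ThX1138", "vzq-lantern-orbit-44"):
        print(f"{pw!r:26} -> {blocklist_reason(pw)}")
    print(f"variants of 'password': {munged_variant_bits('password'):.2f} bits")
```

Under this table the variant count for "password" comes out below the 16-bit upper bound given in the comment, because most letters have no swap symbol.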

  • Anonymous

    It’s about time someone threw that Hacker quote in there. First thing I thought of…

  • Anonymous

    “Nos0illegitimi1non2tatum3carborundum.”
    BEAT that password (and yes i use the quotations also) :-P

  • Anonymous

    I hate to ask this, but how in the heck would the author know these are the top 500?

  • Anonymous

    Secure passwords are easy if you simply take your favorite lyrics or sayings and use the first letter of each word.

    They can be really long and then throw in the name of the site or group you are working in so the bots don’t guess it.

    GMAIL PASSWORD = bjinmlsjagwctiatoggmail

    “Billie jean is not my lover
    Shes just a girl who claims that I am the one”

    Easy to remember and HARD to crack

  • Anonymous

    i find the most secure passwords are just an easy to remember word written in 1337. alternate caps and numbers. “p4s5W0rD” is a lot more secure than “password”.

  • Benth

    “abgrtyu”: Watch what your fingers do when you type it. Only explanation I can think of.

  • Sunfell

    My firewall warned me that this site tried to access ‘illmob.com’, which is apparently a malware site. Fortunately, the firewall blocked it.

    :pats firewall software:

  • Anonymous

    To #37 #19 and #6 regarding the appearance of two zeros in the list. Best explanation I saw on this was spreadsheet truncation. Depending on your settings any length of string consisting of only zeros stands to be truncated into a single zero. Not sure if it was truncated in the original or in the process of moving. But it seemed like a good reason and though I would virus it on over.

    Anonymous

  • batu b

    the best password generator I’ve heard of is the acronym for a simple phrase, which generates nonsense, but is easy to remember. such as
    “this password is nonsense but is easy to remember”
    provides the password
    “tpinbietr”

  • Dante

    Casper? Hmmm. These passwords sound like beatnik poetry when read aloud from left to right. I suspect a coupla band names’ll arise from this list.

  • Anonymous

    I can’t believe bootylicious didn’t mAke the list!!

  • SednaBoo

    Ok, so is this a list of the most common passwords? Is that what makes them the “worst?” I’d like to know the criteria. I am assuming that being published in a big list on BB is one.

  • edwardsch

    For those of you finding that the site is down, this appears to be a mirror: twinturbo.org/security/top-500-worst-passwords-2008/

    I see no credit to the original site at the moment though. It would seem fair to me if the author of the post mentioned the original source.

    As far as the list goes, I really thought ‘admin’ would be on it. admin/admin is a default setting for the administrative interface for ALL the Wlan router types I set up so far (mind you, that’s not a big number, but still).

  • Purly

    What’s so funny is that I’ve known people who used these passwords. Basically, the same people that will tell you their password if you ask!

  • Tarantio

    “srinivas”
    #283

    Google and wikipedia seem to think that this is the name of an electric mandolin player. He appears to be prominent in India, but he’s played all over the world, and with western musicians.

    I just can’t figure out why he would be on this list. I’d never heard of him before, nor had my mother. It doesn’t seem he was ever particularly popular in the west. There don’t seem to be any other indications of non-American culture or language on the entire list.

    It seems unlikely that this snippet of Indian culture would filter through alone. Is there some reason that this particular artist would make the list? Perhaps an unusual popularity among IT professionals, or some famous other association for the name with which I’m unfamiliar?

    Or did they just try to filter out all of the foreign language passwords, and miss one?

  • rundgren

    rush2112 FTW!

  • Soon Lee

    “abgrtyu”:

    Is it the QWERTY analogue from a non-QWERTY keyboard layout?

    • Anonymous

      lol non qwerty keyboards are in alphabetical order it was originally used on typewriters.

  • Anonymous

    How does the author know which passwords are the most popular?

  • ROSSINDETROIT

    When I was a mainframe applications developer, all systems went into production with some test passwords still in the code. By accident, of course. If you’re ever stuck in a CICS screen* & can’t get through, you might get lucky with ‘9999’. It’s worth a try.

    *Now about as likely as needing the carburetor on your car adjusted.

  • Anonymous

    What surprises me is that ‘foobar’ is not on the list.

  • Spherical Time

    Anyone have any idea how “abgrtyu” made it on to the list, or what it stands for?

    Google thinks that it should be “abg rtyu” and suggests that “abg” means “accidental boob/bum graze/grab” but had no similar suggestions for rtyu.

    This is bothering me. If anyone knows, I’d be grateful for resolution.

  • Tweeker

    Yes, I too am surprised about the lack of any default passwords on the list.

    I am going to guess admin before I guess blowjob.

  • LieutenantLefse

    What, no reindeerflotilla?

  • Anonymous

    Bark bark

  • Adam Fields

    I refuse to believe that “password” is not #1. This gross error casts doubt on the entire list.

  • aelfscine

    ‘chester?’

    Doesn’t strike me as nearly as common as something like ‘admin’ or the others.

    Was there some movie with Evil Archvillain Chester or something that I missed?

  • Anonymous

    I always liked passwords that use phrases you know by heart but aren’t obvious. Even if they see you type bbroygbvgw they aren’t going to be able to remember it long enough to write it down unless they are old electricians.

    Another way to do it: pick some song lyrics, throw in a symbol and another string and you have an amazingly secure password: aobtd^egbdf (Hint, the first one is popular queen lyrics, the second you should know, and may actually be too common to use)

  • Maneki Nico

    Ha! Dig the shout-out to Tommy Tutone at #371. That damn song is forever stuck in my head for having listened to a girlfriend’s brother’s band rehearsing it in her basement one looong summer.

    “I got it (I got it), I got it…”

  • Anonymous

    abgrtyu – think about it!

    Try typing it with one hand, first comes the A, and then you lift your hand off the keyboard and go to the B, After the B you simply drag your finger across the rest of the letters GRTYU.

    In case you don’t get it, it’s easy because after the A, every letter is next to each other on the keyboard.

    A BGRTYU see?

  • nanuq

    There are hacking programs that try out multiple passwords to see which one works. The best ones have specialized dictionaries and use different letter and number combinations. Over time, these programs are supposedly able to crack half of all passwords except for the most difficult ones.

  • Master Gracey

    Make that Top 499 worst passwords

    Number 358 and 365 are the same “0”

    Also, I doubt any program that requires a password would accept “0”, a single character password.

    Maybe we could replace one of the “0”s with a password that is one of the few things Richard M. Stallman and I have in common – a preference to use the “enter” key as our non-password password.

    That is arguably the worst password, and I didn’t see it on the list, though the word “enter” is listed…

  • Master Gracey

    Thraxamer said:

    Given the font on this page (Garamond?), I think one of those “o” passwords is actually a zero (0).

    The linked-to page HTML source shows this as the number zero, listed twice. I grabbed the list, shoved it into a spreadsheet and sorted the results, and it came up as two identical digits, the number zero.

    Conclusive, no, but indicative of a typo/repeated password at the least…

  • bcsizemo

    I want to know how many people under 25 even have a clue as to what THX1138 even is? Hell I could ask most people over 30 and I bet less than 20% would have a clue.

    And I agree about god. I thought for a min that the list was at least 4 characters long, that was until I saw o twice….

    Frankly if you are techy you probably either have a decently secure password, or something stupid as like ZOMG!…or N00B or WTFBBQSauce!!!1111

    lulz..

  • Agent 86

    How about “Top 500 worst English passwords”?

    I find that using 2-3 simple words in multiple other languages makes for a fine password.

  • Drhaggis

    Everyone should send in their passwords so they can compile the list of Best passwords.

  • Anonymous

    Go to https://www.grc.com/passwords.htm

    Gibson Research has several random password generators. There is a 63 random alpha-numeric character (a-z, A-Z, 0-9) unique password generator
    which you can use part or all of.

  • John Miles

    I once hacked the cc:Mail system at a, um, well, a large tech company in Austin. The most common password — one of the few that showed up more than once — was “JESUS”.

  • IamInnocent

    This list can actually be used to dress the most psychological profile of those common users. Lots and lots of sexual frustration I see…

  • jwz

    These might be the most popular passwords, but none of them are any worse than another. Any password that is present on the common password lists is equally bad, because cracking software doesn’t get bored and give up at number twelve, it tries them all. The least common English word in the dictionary is exactly as bad as the first password on this list.

  • Anonymous

    We ran a scan once of about 100,000 e-mail addresses in our system and found a huge proportion had either the numbers “007” or “69” in them. A lot of guys are either horny or harbor James Bond fantasies or both.

  • Anonymous

    Comment from the site about the double 0 issue:

    “On the comment that the number zero shows up twice, I would have to bet that is a formatting issue. With most spreadsheets, “000” or “0000000” would be converted to “0” by default. So if this had been stuck into a spreadsheet that was not formatted as “text,” this conversion would have taken place automatically.”

  • Anonymous

    What, no KNOCKERS?

  • Ernunnos

    No CPE1704TKS? Not enough geeks being polled.

  • Thraxamer

    @Zan,

    Given the font on this page (Garamond?), I think one of those “o” passwords is actually a zero (0).

    That’s just my guess. Maybe the font on the actual site or its mirror makes it easier to parse.

  • ravenword

    I like to use foreign phrases re-spelled into nonsense English. For example, “s’il vous plait” becomes “SeaVooPlay,” or “SillVousePlate,” or something like that. Add a few numbers if required. (S33VooPlay…) and, at least according to Google’s password strength checker, they tend to be pretty good.

  • Anonymous

    I had to explain to someone that just because the screen showed ******** – that was not a suggestion for her password ;)

  • jungletek

    #61: Nice perspective, and sound logic.

  • avraamov

    someone whose online banking was never compromised:

    http://en.wikipedia.org/wiki/File:Schwitters_Ursonate.ogg

  • wynneth

    This list is pisspoor for not including the obvious “god” and “zeus”. I can attest to how popular these were among high school systems administrators and public librarians during the mid 90s!!!

  • Anonymous

    The last place I worked, the new IT manager objected (rightly) to the use of ‘god’ on various systems. He asked me to go and change them all, which I did. When he asked me what the new password was, I told him: ‘deity’.

  • Anonymous

    Simply, and brilliantly :

    Nincompoop

    No one can dig that out!

  • Anonymous

    what would be top passwords for a mac with the hint being “woof woof” ?

  • Evil Jim

    I figured you can increase your security at the actual keyboard while entering a password by incorporating a “mistake” or two & using the backspace key. However, a very attentive onlooker might notice this as well.

  • skeeto

    The strength of your password depends on how the password is going to be used and what kind of access an attacker has to the system. You just need your password to be stronger than the weakest link in the system so that it isn’t the weakest link. For example, for your car, your windows are the weakest link, so upgrading your car’s locking mechanisms will not gain you anything in terms of security. The attacker won’t bother with your password, but go for whatever else is weaker (i.e. smashing the window). Strong passwords tend to take longer to type and are easier to forget, so you want it to be just strong enough, but not too strong. You don’t want to spend an hour typing in your super-strong password (let alone memorizing something like that!). Also, if you make them too strong they become weak because you will write them down.

    (There would also be no point in making them longer/stronger than the hash function that the system ultimately runs them through. Also, by “strong” here, I mean “hard to brute force”.)

    If the password is simply providing access to the system at a single terminal, like your home computer, most of the passwords on this list would probably do. It is to keep your friends from playing pranks on you, or to keep your children away from your porn collection (or whatever else you collect, you perv). “Locks keep out only the honest,” they say. Your hardware is sitting right there, and therefore an attacker has physical access to the machine. He can bypass the software that checks the password using that physical access (directly modifying the hard drive, using a live CD, etc).

    If your home computer is locked up in a closet, you still don’t even need a very strong password, because your software can limit the amount and frequency of attempts. The attacker could be limited to, say, 10 guesses before locking them out. The closet door will already be the weak security link. In fact, it would probably be much easier to kick it in or pick the lock (and picking most locks is actually very trivial!) than guess a bunch of passwords.

    Then there are systems where your password is sent in plaintext, like telnet logins and most websites (including BoingBoing). If you ever use these services at the coffee shop on their wireless connection, you just broadcasted your password to everyone in the area. Strong or weak, your password doesn’t matter once you did that.

    As a side note, with systems accessible from the Internet, someone controlling a botnet could potentially make many guesses at your password because it would appear to be many different people each making a few attempts rather than a single person making many: harder to stop. This is why these days they say you should go passwordless when using ssh, using the generated keys instead (I don’t do this … yet). However, even with a botnet, the attempts would be much fewer than someone brute forcing your encryption, leading to …

    When it comes to encryption you need to start having strong passwords, or even passphrases (depends on who you want to keep out). This is where an attacker will be able to make many billions of brute force attempts at his leisure, which he can’t do when guessing your webmail password. He could even have a bunch of computers work at the problem. The faster he wants to crack it, the more computers he will need and the more expensive it gets. This is why (plain) DES has been deprecated, because someone can crack any DES encrypted message with around $10k of hardware.

    Most passwords won’t do in this situation because you need something very hard to guess. It needs to stand up to all that guessing. Of course, you can go overboard here too. Having an entire paragraph as your passphrase (a passparagraph?) would be overkill if you don’t have a major military guarding your computer hardware and home. It would become so expensive to brute force that it would simply be cheaper to break into your home and install a keylogger (now the weak link). Or they be less subtle and get out the rubber hoses or throw you in jail (like the UK does when you won’t give them your encryption keys).

    Anyway, if you are still with me, my favorite way to generate passwords and passphrases is with Diceware. All you need is some six-sided dice, so break out your Monopoly board. Independent of the computer, it makes easy-to-remember passwords of adjustable and measurable strength that are also very easy to type: they are just words. I usually just use them as a lowercase series of words: 2 for a password, 5-10 for a passphrase. Unfortunately, many systems will incorrectly tell you (there are lots of crappy programmers out there, and they all mess up e-mail validation too) these are bad passwords and not let you use them, so you might have to spunk them up with some capitals and odd characters to please their idiot circuits.
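
Added example, not part of the comment above and not the Diceware project's own material: the five-roll lookup and the strength measurement the comment refers to. The placeholder word list (`w0000`, `w0001`, ...) and the guess rate are constructed for the example; a real run would load a published 7,776-word Diceware list.

```python
import math
import secrets

ROLLS_PER_WORD = 5
LIST_SIZE = 6 ** ROLLS_PER_WORD  # 7776 entries, one per five-roll outcome

# Constructed stand-in for a real word list, so the example runs offline.
PLACEHOLDER_WORDS = [f"w{i:04d}" for i in range(LIST_SIZE)]


def roll_die():
    """One fair six-sided roll from the OS CSPRNG (stands in for a real die)."""
    return secrets.randbelow(6) + 1


def rolls_to_index(rolls):
    """Map five rolls (each 1..6) to a list index: 11111 -> 0, 66666 -> 7775."""
    if len(rolls) != ROLLS_PER_WORD or any(r not in range(1, 7) for r in rolls):
        raise ValueError("need exactly five rolls, each between 1 and 6")
    index = 0
    for r in rolls:
        index = index * 6 + (r - 1)  # base-6 digits, most significant first
    return index


def generate_passphrase(wordlist, n_words, roll=roll_die):
    """Pick n_words independently and uniformly from a 7776-entry list."""
    if len(wordlist) != LIST_SIZE or len(set(wordlist)) != LIST_SIZE:
        raise ValueError("word list must hold 7776 distinct entries")
    words = []
    for _ in range(n_words):
        rolls = [roll() for _ in range(ROLLS_PER_WORD)]
        words.append(wordlist[rolls_to_index(rolls)])
    return " ".join(words)


def entropy_bits(n_words, list_size=LIST_SIZE):
    """Strength in bits when every word is an independent uniform choice."""
    return n_words * math.log2(list_size)


def expected_seconds(n_words, guesses_per_second, list_size=LIST_SIZE):
    """Average time to find the phrase: half the search space at a given rate."""
    return list_size ** n_words / 2 / guesses_per_second


if __name__ == "__main__":
    print(generate_passphrase(PLACEHOLDER_WORDS, 5))
    rate = 1e9  # assumed offline guess rate, for illustration only
    for n in (2, 5, 10):
        years = expected_seconds(n, rate) / (365.25 * 24 * 3600)
        print(f"{n:2d} words: {entropy_bits(n):6.1f} bits, "
              f"about {years:.3g} years at {rate:.0e} guesses/s")
```

At the assumed offline rate a two-word phrase falls in a fraction of a second, which is why the comment reserves two words for rate-limited logins and five to ten for encryption passphrases.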

  • Gemma

    I assume that sexsex comes from sex being rejected as too short a password. Hmmm. What could I use instead?

  • ciscogrant

    To create a strong password just combine 2-3 of these “bad” passwords together horizontally…Hilarity will ensue!

    For example:

    crystal nipple scorpion
    nicole bigdick
    pussy diamond
    muffin cooper
    pass iceman porno
    suckit danielle

    See what I mean? Good luck hackers!

  • Bitgod

    Oh good, I was smart and added 123 after asd, I guess I’m safe. That was for an old website though. On the downside, the password for the eWallet on my phone is on that list. Guess I should rethink it, I just didn’t want to type in a complicated password on the phone. At least it’s not in the top 200. :)

  • genes

    omg two of my passwords are on that list :D

  • Jonnan

    Just because this may be useful to people – the best password ‘manager’ I’ve come across for the web is the http://passwordmaker.org/ (Website, downloadable java package, and firefox plugin, all do the same thing.) which hashes a master password with the sitename.url for a given website for a non-random but non-guessable password.

    You do need to remember four things to use it on different systems – your master password, the hash system (MD5, SHA-1, etc), password length, and list of legal characters (alpha, alphanumeric, alphanumeric+symbolic, etcetera).

    But with those four things you can reproduce your password for any website from the plugin, the website, or the java download, and if one particular website, credit card company, et al gets hacked you haven’t had *every* website you use compromised.

  • Dewi Morgan

    The site is no longer down, so the full list could be removed.

    I’m glad to see nobody advocating case sensitivity in passwords here. For the extra bit of information it adds per letter (actually, usually an extra bit per password, since people generally capitalise only the first letter), it gives a huge feeling of false security, and causes a great number of helpdesk calls by people with the caps lock key enabled.

    No password or system which relies on the state of the shift key for security is secure.

    I suspect this list is culled from a specific company or collection of them, and so has a bias to the region: hence why an Indian artist gets in, and admin and changeme don’t.

    Me, to a friend in the US: “I’ve got the worst possible password for my account. You get one guess.”

    Friend: “changeme”

    Me: “bingo”.

    We had not previously discussed password security. I’d be surprised to see that password missing from any true, non-regionalised list of bad passwords.

  • Anonymous

    asdfgh?? hahahah qwerty… haha again.. quite a lazy password setter!!!

  • Anonymous

    Gilbert Anonymous here:

    It’s sad that so little imagination is apparent.knows augusta

  • TotalForge

    There’s a very good password generator built into Mac OS X, Password Assistant. In System Preferences, click Accounts, then Change Password. You won’t change your password, just borrow the password generator.

    Click the key icon. Now, click Cancel in the change password sheet. Your account password is unchanged, and the Assistant stays on screen.

    Now you can pick different password types from the Type popup, pick one from the Suggestions list, or type one in and look at the Quality indicator to see if your entry is secure enough. Password Assistant will give you the tough love you need.

    If you need help remembering your secure password, don’t use Stickies. Launch Keychain Access. Choose File menu/New Secure Note, and store your password. Your login password will unlock the note if you need to see it.

  • Bryan Price

    Yeah, my default password, and my other passwords aren’t on the list! It’s probably 501 though.

  • djdocremixed

    I was happy to see that “letmein” is still in style…Ah, the happy days of Novell…

    I remember spending most of high school running around to different classrooms using that backdoor to help teachers who forgot their passwords.

  • Anonymous

    This is just for a laugh, you may find some more funny combinations than I did. Have you tried to build whole sentences out of the bad passwords? Look at line 34 or line 58 – is it a hint of Tiger Woods passwords? :)

  • mahaman55

    Lol i like # 144. (Trying to hack password)”What is it, qwerty, no, 123456, no, wait i got it, gandalf, yes it worked”

  • Anonymous

    I like reading them horizontally. It’s “london hotdog time” for the “maverick penis”

  • tw15

    There was a hackers handbook in the 1980s by a chap who’d hacked into Prince Phillip’s Prestel account which stated “password” and “fred” were the most common passwords. The book got banned after a few years.

  • joelfinkle

    ’bout 15 years ago, I was doing computer support, and the system required changing passwords every 90 days. Just about every executive admin used “spring”, “summer”, “autumn” (fall was too short) and “winter” until the system started requiring non-repeated passwords, at which point all you had to do was append the last two digits of the year…

  • Anonymous

    I’m amazed that nothing related to shows like Pokémon and Digimon aren’t on there, unless I missed a few.

    At first, I didn’t understand what QWERTY was, until I noticed that you start from Q and go along to Y.
    Such lazy people.

    Why have Passes like that if other people use them?

  • Anonymous

    The most common password that I see is the password is the same as the username (about 90%), or some variation thereof (add a 1, 123 or the username backwards) – and a quick test on a database with 1000s of users shows that the username-based passwords get more hits than the whole list of 499 here.

    Of course if I add a dictionary the hit rate increases by 300%

  • Daemon

    I don’t know about zeus, but I’m with #21 on the list being suspect for not having “god” on it. Every other “passwords you should never use” article, list or whatnot I’ve ever seen has always put god pretty high up on the list.

  • Bonnie

    And what the hell is wrong with “Slayer” !?
    I suppose “Bon Jovi” would be a better password?

  • Anonymous

    How did he get that list in the first place,
    aren’t passwords on enterprise grade systems supposed to be one-way encrypted?

  • Anonymous

    no “admin” or “passtemp” ? wtf

  • Anonymous

    ok! thanks! i love it very much!

  • Anonymous

    I know a guy who had a password ‘abcdefghij’

    I hacked him sooooooooooo many times

  • querent

    I would have thought “thx1138” would have been pretty good. hm.

    • adjusttint

      no
      prisoner transfer from

  • Anonymous

    ‘srinivas’

    is the name of a very popular deity in south india – SrInivas – and hence a very popular/common name in south india.

  • Anonymous

    my password is ********

  • Anonymous

    Vote for 1234567 (39th) since 123456 is 1st and 12345678 is 3rd.

  • adunaphel13

    the admin password for my router and the passcode is so secure i had to write it down on a piece of paper and slip it inside the CD case for the installer.

  • adunaphel13

    “are so secure” and “write them down” and… oh shucks, you guys get the point.

  • iamcantaloupe

    “Okay, what are the three most commonly used password?”

    “Uhhh, love, sex… and uh… secret!”

    “And don’t forget God man. System administrators love to use God, it’s that whole male ego thing.”

    “Hey man, who ate all my fries?”