500 worst passwords


29 Responses to “500 worst passwords”

  1. Phlip says:

    Ah, but can I name a new family pet after an old password? Hmm?

    Here, YCNc&h*!

  2. regeya says:

    I won’t make the same mistake I did on Digg; I mentioned I had a self-written pwgen on my desktop along with an example of output.

    I swear, Ted Frickin’ T’so writes pwgen, and nobody else is ever supposed to write one. ;-D

  3. berpi says:

    I can’t find the word “chocolate”, and still a while back I had the chance to see a university ‘passwd’ file which had gone through a dictionary attack, and “chocolate” was the most popular password found.

  4. JonStewartMill says:

    I used to use something I saw on a hot-rodder’s custom license plate: idoxlr8.

  5. SKR says:

    What, no “god”?

  6. Jens says:

    There are also easy ways to generate nice passwords:

    Or even use bookmarklet to fill required passwords on web forms with 1 click:

  7. Church says:

    By “Link” I assume you mean something different than the usual?

  8. Ernunnos says:


  9. Alan says:

    I am always amazed that “open sesame” is never on these lists.

  10. Anonymous says:


    ’nuff said

  11. PapayaSF says:

    A couple of years ago I did a website for a smallish company. Once it was ready to be uploaded, I asked for their FTP info. They wouldn’t give it to me: security, you know. It was just a static “brochure” site, not for a bank, no ecommerce, nothing. It was like refusing to give your mechanic the keys to your ’88 Civic because you’re afraid he’d steal it. So I emailed them a zip file of the site, but they couldn’t figure out how to open it (wtf?). Finally, they broke down and gave me their login info. The security-mad client’s password turned out to be 12345678.

  12. Sork says:

    Now write a short story using these words.

  13. Anonymous says:


    OU182 should be OU812.

  14. Anonymous says:

    Anyone looking to handle and share passwords around should take a look at LassPass.com (https://www.lastpass.com/)

    It provides a simple browser plugin that allows you to generate secure passwords, fill in web forms and also to securely share specific passwords with trusted others.

    Works well for me, anyway.

  15. Anonymous says:

    “The knob!” cried Goodgulf.

  16. Anonymous says:

    Why don’t they make a system that compares a new password to a list like this or a dictionary with a few mods like adding 1 to the end and if detected refuses the password and states why.

    Simple really.

  17. Sam! says:

    The list seems obscure, most of the modern login systems won’t even let the user enter simple password like 123456. Most modern system even Window or Unix system require you to enter alpha numeric characters and some go to extent for you to enter a special character also.

  18. Anonymous says:

    How do you remember those good passwords though? Mine isn’t as bad as these listed but someone in my family or a very close friend might eventually guess it. So if I used a truly perfect password, random string of letters and numbers, how would I remember it. you never write a password down, right?

    • spejic says:

      Length makes a password exponentially harder to crack (as long as you are not using one word), so a good way to make a hard to break password that is memorable is to make a phrase (but not a cliche phrase). “MyDogRexOwns4Robots” is a better than “hy4IInXL”, and it’s much easier to remember.

  19. Crashproof says:

    What, no mellon or xyzzy? Not nerdy enough.

  20. tobergill says:

    i find a good compromise between security and rememberability is to think of a favorite song, then pick a memorable line and use the first letter of each word. so, “You ain’t nothing but a houndog, crying all the time” becomes “yanbahcatt”. Pretty much unguessable. throw in a little leet speak and voila!

    • KeithIrwin says:

      Pretty much unguessable unless other people like the same songs you do. In practice, a lot of people chose the same song lyrics, which makes the technique less useful.

  21. Sork says:

    The Plague: Our recent unknown intruder penetrated using the superuser account, giving him access to our whole system.

    Margo: Precisely what you’re paid to prevent.

    The Plague: Someone didn’t bother reading my carefully prepared memo on commonly-used passwords. Now, then, as I so meticulously pointed out, the four most-used passwords are: love, sex, secret, and…

    Margo: [glares at The Plague]

    The Plague: god. So, would your holiness care to change her password?

    /Hackers (1995)

  22. the r kelly says:

    Here’s a story: I used to work for a major bank in their customer service call center in their high-net-worth individual department. The guy next to me was helping a customer with his internet banking and had to ask him for his user name. The customer is sitting IN THE BRANCH with his private banker. My coworker then repeats aloud “ok…Cocaine Anonymous 1…gotcha.”

  23. License Farm says:

    “So the combination is 12345. That’s the stupidest combination I’ve ever heard! It’s the sort of combination an idiot would have on his luggage!”

    “’12345′? That’s incredible! I have the same combination on my luggage!”

    Actually, I have to assume “EAGLE1″ being on this list is an inside joke, seeing as that was Lone Star’s Winnebago in SPACEBALLS.

  24. KeithIrwin says:

    Wow. You know what this reminds me of? It reminds me of a story on BoingBoing. http://boingboing.net/2009/01/02/top-500-worst-passwo.html

    In fact, it’s the exact same list, just hand-written. The older BoingBoing story, by the way, is the top Google result for “500 worst passwords” and is taken from the same source that’s written down the side of the piece of paper.

  25. teapot says:

    10 from the bottom in 3rd column… Don’t they mean gandAlf? I’m sure the correct spelling of his name is more popular than a typo verion.

    Also I’m ashamed to say that one of my teenage passwords is on there…but just one.

Leave a Reply