500 worst passwords


[Link via Laughing Squid]


  1. I can’t find the word “chocolate”, and still a while back I had the chance to see a university ‘passwd’ file which had gone through a dictionary attack, and “chocolate” was the most popular password found.

  2. Why don’t they make a system that compares a new password to a list like this, or to a dictionary with a few mods like adding 1 to the end, and, if it is detected, refuses the password and states why?

    Simple really.

    1. What makes you think they haven’t? There are plugins for some operating systems which do just that.
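One way to implement the check this comment and its reply describe, as an added example rather than code from the post or from any of the operating-system plugins mentioned: a Python blocklist check that normalises simple mutations (a trailing digit, leet-speak substitutions) before comparing. The blocklist here is a constructed sample drawn from passwords named in this thread; a real deployment would load the full list plus a dictionary.

```python
import re

# Constructed sample blocklist built from passwords mentioned in the thread.
BLOCKLIST = {"123456", "12345678", "12345", "password", "chocolate",
             "gandalf", "eagle1", "love", "sex", "secret", "god"}

# Common leet substitutions to undo before comparing. Reversal is lossy
# ("1" could be "i" or "l"); this picks one mapping, real tools try several.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def candidates(pw):
    """Return the normalised forms of pw that should be looked up in the blocklist."""
    base = pw.lower()
    forms = {base}
    # Strip a trailing run of digits/symbols ("chocolate1", "secret!!").
    forms.add(re.sub(r"[\d\W_]+$", "", base))
    # Strip a leading run of digits/symbols ("1chocolate").
    forms.add(re.sub(r"^[\d\W_]+", "", base))
    # Undo leet spelling on every form collected so far.
    forms |= {f.translate(LEET) for f in list(forms)}
    return {f for f in forms if f}


def check_password(pw, blocklist=BLOCKLIST, min_len=8):
    """Return (ok, reason). Rejects blocklisted words and their simple mutations,
    and states why, as the comment asks for."""
    for form in candidates(pw):
        if form in blocklist:
            return False, f"rejected: '{form}' is on the common-password list"
    if len(pw) < min_len:
        return False, f"too short: need at least {min_len} characters"
    return True, "accepted"


if __name__ == "__main__":
    for pw in ["123456", "gandalf1", "Ch0c0l4te!", "MyDogRexOwns4Robots"]:
        print(pw, "->", check_password(pw))
```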

  3. Here’s a story: I used to work for a major bank in their customer service call center in their high-net-worth individual department. The guy next to me was helping a customer with his internet banking and had to ask him for his user name. The customer is sitting IN THE BRANCH with his private banker. My coworker then repeats aloud “ok…Cocaine Anonymous 1…gotcha.”

  4. “So the combination is 12345. That’s the stupidest combination I’ve ever heard! It’s the sort of combination an idiot would have on his luggage!”

    “‘12345’? That’s incredible! I have the same combination on my luggage!”

    Actually, I have to assume “EAGLE1” being on this list is an inside joke, seeing as that was Lone Star’s Winnebago in SPACEBALLS.

  5. How do you remember those good passwords though? Mine isn’t as bad as these listed, but someone in my family or a very close friend might eventually guess it. So if I used a truly perfect password, a random string of letters and numbers, how would I remember it? You never write a password down, right?

    1. Length makes a password exponentially harder to crack (as long as you are not using one word), so a good way to make a hard-to-break password that is memorable is to make a phrase (but not a cliché phrase). “MyDogRexOwns4Robots” is better than “hy4IInXL”, and it’s much easier to remember.

  6. The Plague: Our recent unknown intruder penetrated using the superuser account, giving him access to our whole system.

    Margo: Precisely what you’re paid to prevent.

    The Plague: Someone didn’t bother reading my carefully prepared memo on commonly-used passwords. Now, then, as I so meticulously pointed out, the four most-used passwords are: love, sex, secret, and…

    Margo: [glares at The Plague]

    The Plague: god. So, would your holiness care to change her password?

    /Hackers (1995)

  7. 10 from the bottom in the 3rd column… Don’t they mean gandAlf? I’m sure the correct spelling of his name is more popular than a typo version.

    Also I’m ashamed to say that one of my teenage passwords is on there…but just one.

  8. I won’t make the same mistake I did on Digg; I mentioned I had a self-written pwgen on my desktop along with an example of output.

    I swear, Ted Frickin’ T’so writes pwgen, and nobody else is ever supposed to write one. ;-D

  9. A couple of years ago I did a website for a smallish company. Once it was ready to be uploaded, I asked for their FTP info. They wouldn’t give it to me: security, you know. It was just a static “brochure” site, not for a bank, no ecommerce, nothing. It was like refusing to give your mechanic the keys to your ’88 Civic because you’re afraid he’d steal it. So I emailed them a zip file of the site, but they couldn’t figure out how to open it (wtf?). Finally, they broke down and gave me their login info. The security-mad client’s password turned out to be 12345678.

  10. Anyone looking to handle and share passwords around should take a look at LastPass.com (https://www.lastpass.com/)

    It provides a simple browser plugin that allows you to generate secure passwords, fill in web forms and also to securely share specific passwords with trusted others.

    Works well for me, anyway.

  11. I find a good compromise between security and rememberability is to think of a favorite song, then pick a memorable line and use the first letter of each word. So, “You ain’t nothing but a houndog, crying all the time” becomes “yanbahcatt”. Pretty much unguessable. Throw in a little leet speak and voilà!

    1. Pretty much unguessable unless other people like the same songs you do. In practice, a lot of people choose the same song lyrics, which makes the technique less useful.

  12. The list seems obscure; most modern login systems won’t even let the user enter a simple password like 123456. Most modern systems, even Windows or Unix systems, require you to enter alphanumeric characters, and some go to the extent of requiring you to enter a special character as well.
