Make Sure You're Not Using One of the 500 Most Commonly Used Passwords...Here's the List

One out of 5 people use one of the top 500 most commonly used passwords. These are the first passwords experienced hackers try when they're trying to hack your website. You might want to make sure YOUR password isn't on this list:

500 Passwords you should never use - unless you want your site, email, and accounts hacked

Note to mods: This is not my site nor am I affiliated with it in any way. Just thought this might help save some folks from getting hacked.


Edit: By the way, if you don't want to read the entire list just use the Edit/Find function of your browser and search for your password. Only takes a couple of seconds that way.

Also, for those who don't know, a strong password will look something like this: r4F&gJ%bb8Z^e)
That's the kind of password you should be using.
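The manual search described above can be automated and extended to catch trivial variations of a listed password. This is an added example, not part of the original post: the blocklist is a small constructed sample of passwords quoted in this thread (not the 500-entry list), and the function names are hypothetical.

```python
import re

# Constructed sample blocklist: a few passwords quoted in this thread.
# A real check would load the full published list, one entry per line.
SAMPLE_BLOCKLIST = {
    "123456", "12345", "password", "qwerty", "master",
    "trustno1", "donkey", "batman", "ou812", "rush2112",
}

# Common character swaps, undone before comparing ("1" is read as "i" only).
LEET = str.maketrans("013457@$!", "oieastasi")


def candidate_forms(password):
    """Return the simplified forms of a password that a word list plus
    simple variation rules would also cover, most literal form first."""
    p = password.lower()
    trimmed = re.sub(r"^[^a-z]+|[^a-z]+$", "", p)   # donkey1 -> donkey
    unswapped = trimmed.translate(LEET)             # p@ssw0rd -> password
    letters = re.sub(r"[^a-z]", "", p)              # h1e2x3o4r5 -> hexor
    return [form for form in (p, trimmed, unswapped, letters) if form]


def matched_base(password, blocklist=SAMPLE_BLOCKLIST, personal_words=()):
    """Return the banned word this password reduces to, or None.

    personal_words holds things tied to the account owner (user name,
    first name); they are treated exactly like blocklist entries.
    """
    banned = {word.lower() for word in blocklist}
    banned |= {word.lower() for word in personal_words}
    for form in candidate_forms(password):
        if form in banned:
            return form
    return None


if __name__ == "__main__":
    # Constructed test inputs, including examples posted in the thread.
    samples = [
        ("donkey1", ()),
        ("P@ssw0rd!", ()),
        ("H1e2x3o4r5", ("Hexor",)),
        ("james1975", ("James",)),
        ("r4F&gJ%bb8Z^e)", ()),
    ]
    for candidate, personal in samples:
        base = matched_base(candidate, personal_words=personal)
        verdict = f"reduces to '{base}'" if base else "no match"
        print(f"{candidate!r}: {verdict}")
```

A result of None only means these rules found nothing; it says nothing about the password's length or randomness.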
  • Profile picture of the author bizman413
    Lol, I'm surprised "password" isn't the first one up there. Luckily my password is near impossible to guess.
    • Profile picture of the author Dan C. Rinnert
      123456 is not a good password? Who would have thought?
    • Profile picture of the author Dennis Gaskill
      Originally Posted by bizman413 View Post

      Lol, I'm surprised "password" isn't the first one up there. Luckily my password is near impossible to guess.
      That surprised me too, along with "admin".
    • Profile picture of the author CyberSorcerer
      Originally Posted by bizman413 View Post

      Lol, I'm surprised "password" isn't the first one up there. Luckily my password is near impossible to guess.
      Actually, hackers/crackers don't waste time on guessing passwords; they just use a password cracker program.

      I have Pentium III laptops that do nothing but crack password files and run 24/7 so eventually the password will get cracked.

      I must mention also, if you look under my avatar, that I'm a security researcher/consultant, among a number of other things, which means I also do penetration testing for government, business, private organizations.

      Just wanted to mention that before someone got the wrong idea about why I have such programs.
      • Profile picture of the author Dennis Gaskill
        Originally Posted by CyberSorcerer View Post

        Actually, hackers/crackers don't waste time on guessing passwords; they just use a password cracker program.

        I have Pentium III laptops that do nothing but crack password files and run 24/7 so eventually the password will get cracked.

        I must mention also, if you look under my avatar, that I'm a security researcher/consultant, among a number of other things, which means I also do penetration testing for government, business, private organizations.

        Just wanted to mention that before someone got the wrong idea about why I have such programs.
        I learned about those kinds of programs when I did research into how hackers operate when my website got hacked. Still, this list does represent the most common passwords and is illustrative of the kinds of passwords you shouldn't be using. From what I gather though, the "script kiddie" kind of hackers often are guessing.

        Also, don't some of those cracker programs use "favorites" lists, where they'll try common passwords first? I could be wrong, but I was under the impression they do, and hackers simply trying to get free software or gain bragging rights often move on to easier targets if they don't break in quickly. Obviously I'm not referring to professional hackers or those with a firm target like NASA or Microsoft. Hackers of opportunity, you might say.
      • Profile picture of the author Silas Hart
        Originally Posted by CyberSorcerer View Post

        Actually, hackers/crackers don't waste time on guessing passwords; they just use a password cracker program.

        I have Pentium III laptops that do nothing but crack password files and run 24/7 so eventually the password will get cracked.

        I must mention also, if you look under my avatar, that I'm a security researcher/consultant, among a number of other things, which means I also do penetration testing for government, business, private organizations.

        Just wanted to mention that before someone got the wrong idea about why I have such programs.
        Crap, I was about to ask how I get a hold of such programs.
        • Profile picture of the author smartlazy
          Thanks for the list. I used to have a password that has an adjective plus the year I was born. Now I use a different password with random letters, numbers and symbols up to 12 characters. It's difficult to remember but I use LastPass to manage all my passwords. It's better than Roboform in my opinion.
    • Profile picture of the author Willie Crawford
      Originally Posted by bizman413 View Post

      Lol, I'm surprised "password" isn't the first one up there. Luckily my password is near impossible to guess.

      How'd you guess my password?

      I guess I'll change it to NewPassword
  • Profile picture of the author John Atkins
    Interesting list.

    It's funny how simple these passwords
    are. No wonder their accounts
    get hacked.

    They could at least use some capital
    letters to make it a little bit more
    difficult but no... :/
  • Profile picture of the author paulie888
    Unbelievable. I guess the average person on the street does not take computer security seriously - until and unless his account gets hacked into!
    • Profile picture of the author Dan C. Rinnert
      Originally Posted by paulie888 View Post

      Unbelievable. I guess the average person on the street does not take computer security seriously - until and unless his account gets hacked into!
      But then they'll blame everything but a weak password.
      • Profile picture of the author paulie888
        Originally Posted by Dan C. Rinnert View Post

        But then they'll blame everything but a weak password.
        Well, if people are too dense to learn from an experience like that, then they deserve to get hacked into.
      • Profile picture of the author pappyy3
        Originally Posted by Dan C. Rinnert View Post

        But then they'll blame everything but a weak password.
        That's such a lame comment.

        The blame should be on the hacker ... NOT the password.

        Why do we make excuses for Hackers?
    • Profile picture of the author PhoebeSmellyCat
      I used to make my passwords so complicated that even I couldn't get into my own sites...:rolleyes:
    • Profile picture of the author Shaun OReilly
      I use RoboForm to save and autofill hundreds of good
      passwords.

      I usually use long passwords that contain letters, numbers
      and special characters.

      For some applications that need to be ultra-secure, I use
      the following site to generate unique 64-character long
      passwords:

      https://www.grc.com/passwords.htm (no affil.)

      Dedicated to mutual success,

      Shaun
    • Profile picture of the author Defunct
      Originally Posted by paulie888 View Post

      Unbelievable. I guess the average person on the street does not take computer security seriously - until and unless his account gets hacked into!
      Yeh and then they change it from donkey to donkey1.
      • Profile picture of the author paulie888
        Originally Posted by Defunct View Post

        Yeh and then they change it from donkey to donkey1.
        The truth of the matter is that no password is truly 100% secure, as computer programs can try out millions of variations/permutations and eventually guess yours. It's not very practical though, as a hacker doesn't have unlimited chances to guess a password when trying to log into a person's account.

        As long as your password is a fairly cryptic alphanumeric combination and it does not include the name of your dog, cat, wife or car, etc. I'd say that you're fairly secure from intrusion by hackers. Especially if you change your password on a regular basis, it's unlikely that anyone will be able to easily figure it out.
  • Profile picture of the author James Rogers
    I used to have a very stupid password before, very easy to discover: my name and the year I was born. One day my wife wanted to see my email inbox. She thought she could find some "evidence" of cheating there. She tried only two times before guessing the right one.

    There was no evidence there, of course.

    Now I use a very hard-to-guess password. Include numbers or symbols if possible.
    • Profile picture of the author Devid Farah
      Well, fortunately I never used one of those 500 passwords.

      Unfortunately, no password is completely hacker-safe....but having a strong password certainly helps to keep hackers out and your site safe.

      To make a very strong password, mix capital letters and numbers and make it at least 8 characters long, which is very difficult to guess.

      The best passwords are random strings of letters and numbers.
  • Profile picture of the author matt5409
    lol, just skim read that page and saw "bigdick". interesting to see that the male ego extends into what password one might choose. bizarre.
  • Profile picture of the author James Rogers
    Lol! I just saw number 13 is "master". I used to use that as well
  • Profile picture of the author Paul Myers
    Some interesting insights there. For example, "yankees" is at #62, while "redsox" is at #306. Batman beat Superman. Tigger is at #34, but Pooh Bear doesn't appear in the list at all. And a lot of them are sex-related.

    CyberSorcerer,

    "Eventually" can be turned into a Really Long Time with a little thought. A strong password and something to block IPs for 15 minutes or so that guess wrong more than, say, 3 times in a given period.

    Won't stop the hard core pros, but it will make it close to impossible for almost anyone else.


    Paul
    • Profile picture of the author aandersen
      Originally Posted by Paul Myers View Post

      Won't stop the hard core pros, but it will make it close to impossible for almost anyone else.
      Hardcore pros are only going to use the password as the point of entry, if that is the weakest point in the server's security. Bruteforce is almost always the last choice of preferred penetration points.

      There's usually another way, and unless the culprit had a very specific agenda they probably wouldn't even be trying to get in unless a security flaw had been spotted.

      Don't get me wrong, there are bruteforce-style guys out there, but these typically aren't the "real hackers" and any basic security precautions will keep these types away.

      The more hardcore guys in this game are usually really really really smart guys who have insatiable thirst for knowing how things work, and who get an extreme adrenaline rush out of being places they aren't supposed to be. These guys are the reasons you need to keep all your software up to date and be careful what kinds of scripts you upload to your server.
  • Profile picture of the author Brandon Jones
    My grandma's using one of these... I'll tell her to change it tomorrow :-)

    Thanks for the list mate, mine is not in there yet.
    • Profile picture of the author TinkBD
      I create a list of PWs here:

      Security Guide for Windows - Random Password Generator

      (Not affiliate link, and the PW Generator is free to use...)

      Lately I have been using 12 digit numbers

      I keep the list of 50 or so in a text file and go down the list using them. When they are used up, I generate another list. ;-)
  • Profile picture of the author ukcarl
    That sucks one of my passwords is in there
    • Profile picture of the author skwurl
      I used to use number 32, "trustno1", for everything! I don't anymore, but yesterday I did change one of my passwords to that.... should change it again :-)
    • Profile picture of the author Dennis Gaskill
      Originally Posted by ukcarl View Post

      That sucks one of my passwords is in there
      On the other hand, it's good that you found out now, before your site or email account got hacked. You can change it before any damage is done.

      Thanks for letting me know. It means I was able to help someone today, that always makes it a good day for me!
  • Profile picture of the author Paul Myers
    Hardcore pros are only going to use the password as the point of entry, if that is the weakest point in the server's security. Bruteforce is almost always the last choice of preferred penetration points
    Certainly true. I've heard some descriptions from various security people of cracks that are so precise they'd never have been analyzed without regular "snapshots" of log files and other server content. One tiny wedge can be all they need.

    The thing is, most of the people who end up with accounts hacked (as opposed to servers or scripts) get hacked by password guessing. The difference between cracking a Gmail account and using an exploit to take control of a WP installation or a server.


    Paul
  • Profile picture of the author rovad
    I wonder how did someone actually discover what are the 500 most commonly used passwords
  • Profile picture of the author sakura5881
    Gosh . . . no wonder so many people get hacked. #5 was funny, though...
  • Profile picture of the author Dwight Anthony
    Thanks for the list and so many people haven't changed their easily guessed passwords for years.
    • Profile picture of the author All Night Cafe
      I had 2 of them on the lists. They were ones I have used
      on really old sites. That has now been corrected.

      Thanks, for pointing this out.
  • Profile picture of the author Hexor
    My common password on my previous accounts on other websites is: qwerty, password, 12345. How come they can't hack me? Hahaha. It's a funny thread, but also, thanks for the update on the most commonly used passwords.
    Now I will change my passwords from now on. I'll be making them like this: H1e2x3o4r5
    • Profile picture of the author Dennis Gaskill
      Originally Posted by Hexor View Post

      My common password on my previous accounts on other websites is: qwerty, password, 12345. How come they can't hack me? Hahaha. It's a funny thread, but also, thanks for the update on the most commonly used passwords.
      Now I will change my passwords from now on. I'll be making them like this: H1e2x3o4r5
      My guess is, it's not that they can't, but that they haven't tried. I'm sure you were kidding about your new password, but that one wouldn't be that difficult to crack. Randomness, length, and special characters are the keys to a strong password. Your new example has none of that.
  • Profile picture of the author MikeLiving
    Well I didn't find any of my passwords on the list. Most of mine are extremely personal, so unless you're part of an Extractor team (Inception) then you're going to have a hard time cracking this safe!
    • Profile picture of the author Bill Farnham
      I've always used "pleasedon'tguessmypassword" and I've never had a problem.

      Who'd a thunk...

      ~Bill
  • Profile picture of the author Robert Colle
    Interesting list. I guess I will just have to use a password auto fill program so that I can usually use the most difficult passwords that I will eventually forget the next day. As for name and date of birth, that is only easy to guess for somebody who actually knows you. For a hacker that doesn't have your personal info, how is he or she going to know that?
    • Profile picture of the author Dennis Gaskill
      Originally Posted by Robert Colle View Post

      Interesting list. I guess I will just have to use a password auto fill program so that I can usually use the most difficult passwords that I will eventually forget the next day. As for name and date of birth, that is only easy to guess for somebody who actually knows you. For a hacker that doesn't have your personal info, how is he or she going to know that?
      Robert, assuming you're using your real name, I've got that much already. A quick search found a Robert Colle on Facebook and LinkedIn. If either of those are you and you listed your b'day I'd be able to get it. If your birthday isn't listed and one of those are you, I could befriend your friend and make up a story to fish your birthday out of one of them. There are also databases a person can search.

      I also found Robert Colle who is a policeman, and another who is a minister rather quickly. Either of those you?

      That was in less than a minute. The point is, if someone is targeting you by name, there may be more ways to find out your birthday than you realize.

      Originally Posted by Bill Farnham View Post

      I've always used "pleasedon'tguessmypassword" and I've never had a problem.

      Who'd a thunk...

      ~Bill
      Thanks, I didn't know you changed your password from KillerJoe. I've updated my database on you now. You're a good little victim.
      • Profile picture of the author sanssecret
        Well, thankfully, none of mine are on there.

        Have to say, I'm amazed at some of them. Why even bother if you're going to make them that easy?:confused:
  • Profile picture of the author mandark
    I've never used any of those passwords (phew), but I find some of them interesting.. who would have guessed that "ou812" or "rush2112" would be top used passwords? They seem random (ish)..
    • Profile picture of the author inlecture
      Mine's not up there, good enough for me I guess.
      • Profile picture of the author WillR
        Originally Posted by inlecture View Post

        Mine's not up there, good enough for me I guess.
        Who knows where this list came from, they are just mostly common words - dah, you don't say these would be commonly used. Just because your password is not in this list means nothing at all. This is not a list you should be checking for your password. If your password isn't at least 10 characters long, a mixture of letters and numbers, and also hopefully includes a special character, then you need to fix it asap.
  • Profile picture of the author Conrad Stuart
    Another tip is to avoid using your name and birthday. Nowadays with so many people using their name and birthday in their passwords, and with how many people post their birthdays publicly, it isn't hard for a smart hacker to figure out your PW if he really tries.
    • Profile picture of the author bbboy484
      lol thank god that none of my passwords match any passwords on that list.
      I think the best tip for creating a password is: if it's something you can't remember, other people can't crack it. But you need a safe place to write that down.
  • Profile picture of the author timpears
    Where does this list come from? I have my doubts about its authenticity. How do they know that these are the most used passwords? People don't register their password with anyone so they can be counted.
    • Profile picture of the author Dennis Gaskill
      Originally Posted by mandark View Post

      I've never used any of those passwords (phew), but I find some of them interesting.. who would have guessed that "ou812" or "rush2112" would be top used passwords? They seem random (ish)..
      ou812 (Oh, you ate one two) was the title of a 1988 Van Halen album. Rush 2112 is the 4th album by the band Rush.

      Originally Posted by timpears View Post

      Where does this list come from? I have my doubts about its authenticity. How do they know that these are the most used passwords? People don't register their password with anyone so they can be counted.
      Tim, there have been many such lists published over the years. Hackers have busted into sites and stolen the password lists and published them. That's one example of how these lists are put together. Another is an organization that has tens of thousands of users might do a study, or supply the passwords (without the user names to go along with them) to an organization doing a study. The fact is, they can come from a lot of legitimate sources. The actual passwords will vary according to the source, but many (if not most) will be common to this list.
  • Profile picture of the author theemperor
    I use Roboform - so I don't have to remember passwords.

    Here is an example of a password it generates (not one that I am using I hasten to add!)

    Gf9W5pRO

    Nice :-)
  • Profile picture of the author Andrea Wilson
    Geez, I just realized how simply I was thinking when I made my very first Gmail account, as I found my old password in the list. LOL. It was hacked actually and now I know why.

    Andrea