Your Top 20 Most Common Passwords

Last year, a major security breach at RockYou.com resulted in the release of 32 million passwords. With such a large data set available, security firm Imperva Application Defense Center (ADC) analyzed and found that, when given the chance, most users will choose a simplistic password.

Imperva found that nearly a third of users chose passwords whose length is equal or below six characters and almost 60 percent of users chose their passwords from a limited set of alpha-numeric characters. Almost half of users used names, slang words, dictionary words or trivial passwords (consecutive digits, adjacent keyboard keys, and so on), with the most common password being "123456".

Here are the top 20 most popular passwords from the RockYou.com leak.

Imperva notes that even though hacking techniques have become better, users of today are no wiser than those 20 years ago. The company's report says that a study of Unix password security in 1990 and hacked Hotmail passwords from 10 years ago showed little change.

So how can everyone get better? Imperva recommends the following:

1. Choose a strong password for sites you care for the privacy of the information you store. Bruce Schneir’s advice is useful: “take a sentence and turn it into a password. Something like “This little piggy went to market” might become "tlpWENT2m". That nine-character password won't be in anyone's dictionary.”

2. Use a different password for all sites – even for the ones where privacy isn’t an issue. To help remember the passwords, again, following Bruce Schneier’s advice is recommended: “If you can't remember your passwords, write them down and put the paper in your wallet. But just write the sentence – or better yet – a hint that will help you remember your sentence.”

3. Never trust a 3rd party with your important passwords (webmail, banking, medical etc.)

Read the full report from Imperva here.

Who is changing his or her password today?

Marcus Yam
Marcus Yam served as Tom's Hardware News Director during 2008-2014. He entered tech media in the late 90s and fondly remembers the days when an overclocked Celeron 300A and Voodoo2 SLI comprised a gaming rig with the ultimate street cred.
  • deadlockedworld
    So there are a lot of dumb Nicoles? hahaha.
    Reply
  • the_krasno
    Natural selection I say. People smart enough to have good passwords are less likely to get hacked- they are not worth the effort as it would be easier to hack someone dumber.
    Reply
  • flyinfinni
    Wow.... that is pretty pathetic. Doe people not realize that getting hacked into sucks?
    Reply
  • iboomer
    Stupid Sheep. Alpha numberic, upper and lower case.

    I have to suffer through phone calls from people who want my personal information everyday, just so I can conduct my business. This is because of people who steal identities from the idiot sheep who can't be troubled to remember not to use little Suzy's name as the password on your bank account.

    You get what you deserve, and I have to pay for it. Wasted time on the phone giving information, and wasted money on the taxes I pay because of the laws that get passed, because you idiots can't come up with a more secure password.

    Lazy stupid idiot sheep.
    Reply
  • haunted one
    123456 and qwerty?

    I'm not surprised that 1/5 th of Americans can't pinpoint the US on a world map.
    Reply
  • TheDuke
    these people are idiotic
    Reply
  • Kaileb
    Wow.....
    Reply
  • anonymouse
    3. Never trust a 3rd party with your important passwords (webmail, banking, medical etc.)

    I just used ninite to install apps after installing win7 last night. One of the apps to choose from was KeyPass. Would that be considered a "3rd party" I'm not supposed to trust or just a tool to store passwords that is better than a list in a wallet?
    Reply
  • martinhersey
    These passwords are all too easy...
    Reply
  • saint19
    I think that the numbers is 'cause are the fast access in the keyboard. But also some people are a little idiots, all the accounts have recomendations for the password, if they don't read this, is their fault.
    Reply