Every year a new list of most common passwords is released. You might ask, “where do these come from?”, and that’s a great question. Security firms scour the dark parts of the Internet to find people buying and selling passwords. Based upon these lists, they find the passwords and start organizing them by the number of times they see them.
So having a password on this list isn’t a good thing, but not only is it not good, it’s bad in that many of these are easily hack-able, even by just guessing manually because they aren’t robust.
Below is the list of the top ten, with how many days it would take to hack each one. Prepare to be disappointed, and if you see your password on the list, you might want to change it!
Password | Possible Combinations | Days to Hack |
---|---|---|
123456 | 1,000,000 | 0 |
123456789 | 1,000,000,000 | 0 |
qwerty | 308,915,776 | 0 |
password | 208,827,064,576 | 0 |
1234567 | 10,000,000 | 0 |
12345678 | 100,000,000 | 0 |
12345 | 100,000 | 0 |
iloveyou | 208,827,064,576 | 0 |
111111 | 1,000,000 | 0 |
123123 | 1,000,000 | 0 |
Notice that none of these passwords take even a day to hack!
The second thing you might notice is that there are a lot of numeric passwords. While 123456 has been on the list for many years, 111111 and some others are newer. This is because they are default passwords for many Internet of Things (IoT). You should change the default password of your router, modem, or other Internet enabled devices when setting them up, so they are less likely to be hacked.