Jimmy Ruska was able to obtain some hacked database files from MySpace, phpBB, and Singles.org.
These files contained basic user and password information, resulting in 116,782 passwords being available for analysis. These files were from early 2009.
Here is a quick look at some of the information that Jimmy found about what THE MOST COMMON PASSWORDS ARE:
Singles.org
- 123456
- jesus
- password
- love
- 12345678
phpBB
- 123456
- password
- phpBB
- qwerty
- 12345
MySpace
- password1
- abc123
- password
- iloveyou1
- iloveyou2
When all three databases were combined, the top passwords from the combined databases were:
- 123456
- password
- phpbb
- qwerty
- 12345
Jimmy did some further digging into the data. Generally speaking, passwords were most often 6 characters in length (26.99% of the time), followed closely by 8-character and 7-character passwords. 10-character passwords accounted for just 5.06%, and each length over 10 occurred less than 1% of the time.
Jimmy has a fascination with passwords, as he indicates by also including a LIST OF MOST COMMONLY USED PASSWORDS BY TYPE, which is a great list to use to know what to stay away from when deciding what password to use. As Jimmy states, people spend hours coming up with the ideal username, but spend just minutes coming up with a password.
Among those items to stay away from in choosing a password:
1. 123456, 123, 123123, 01234, 2468, 987654, or any other simple number construction
2. 123abc, abc123, 246abc, etc. See #1.
3. Your first name
4. Your favorite band
5. Your favorite song
6. Your first initial and last name (jdoe, jsmith)
7. qwerty, asdf, etc. See #1.
8. Your favorite cartoon character
9. Your favorite sport or sports star
10. Your country of origin
11. Your city of origin
12. A password that consists of all numbers (birthday, anniversary, etc.)
13. Some word that can be found in a dictionary
14. Two such dictionary words
15. Anything from #1-#14 spelled backwards
16. aaa, eee, fff, or other repeat key combinations
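As an added example (not part of Jimmy's analysis or this post), the script below reproduces the two kinds of analysis described above on a small constructed sample: the top-N and length-distribution statistics, and a checker for the "avoid" rules (number sequences, keyboard runs, dictionary words, two dictionary words, reversed words, repeated keys). The sample list, the tiny dictionary and the sequence list are assumptions standing in for a real dump and wordlist.

```python
from collections import Counter

# Constructed sample standing in for a leaked list; these are not rows from the real dumps.
SAMPLE = ["123456", "123456", "123456", "password", "password", "phpbb", "qwerty",
          "12345", "drowssap", "fff", "19850713", "LitSwD", "8@5t0N", "passwordlove"]

# Assumed stand-ins: a real audit would load a full wordlist and a list of names.
DICTIONARY = {"password", "love", "jesus", "boston", "phpbb", "dog", "cat"}
SEQUENCES = ["qwerty", "asdf", "zxcv", "123456", "12345", "1234", "abc123", "123abc"]


def weak_reasons(pw):
    """Return which of the post's 'avoid' rules the password trips (empty list = none)."""
    low = pw.lower()
    reasons = []
    if low.isdigit():
        reasons.append("all numbers")
    if any(seq in low for seq in SEQUENCES):
        reasons.append("keyboard/number sequence")
    if low in DICTIONARY:
        reasons.append("dictionary word")
    if any(low[:i] in DICTIONARY and low[i:] in DICTIONARY for i in range(1, len(low))):
        reasons.append("two dictionary words")
    if low[::-1] in DICTIONARY or low[::-1] in SEQUENCES:
        reasons.append("reversed dictionary word or sequence")
    if len(low) > 1 and len(set(low)) == 1:
        reasons.append("repeated key")
    return reasons


def top_passwords(passwords, k=5):
    """Most common passwords with their counts, like the per-site lists in the post."""
    return Counter(passwords).most_common(k)


def length_distribution(passwords):
    """Percentage of passwords at each length (the post found 26.99% at length 6)."""
    counts = Counter(len(p) for p in passwords)
    return {n: round(100 * c / len(passwords), 2) for n, c in sorted(counts.items())}


if __name__ == "__main__":
    print("top:", top_passwords(SAMPLE, 3))
    print("lengths:", length_distribution(SAMPLE))
    for pw in sorted(set(SAMPLE)):
        print(f"{pw:14} {weak_reasons(pw) or 'no rule tripped'}")
```

Note that rules based on personal context (your own name, band, city) cannot be checked without knowing the user, which is why the acronym and license-plate style passwords trip nothing here.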
So how do you pick a good password? Here are some handy tips:
- Passwords are often case-sensitive. Throw in a RaNdOm CapItaL letter once in a while.
- Take your favorite song lyric, quote, or other phrase that has meaning to you. Turn it into an acronym (“Lucy in the Sky with Diamonds” = “LitSwD”)
- Try the license plate rule: take your favorite phrase and make it fit, and still make sense, on an 8-character license plate.
- Try to use a mix of characters, numbers, and punctuation. (“Boston” = 8@5t0N)
- Don’t write your passwords down anywhere
- Don’t use the same password on more than one system. One option is to use the same password base, but to append different numbers or phrases to the base. For example, for your online banking login, you might use “xxxxxBANK”, where xxxxx is your base password using the rules above.
- Change your passwords often. One option is to append the month and year to the end of your base password (“xxxxx%0209”). That way you’ll know when you changed that password last.