Most Common Passwords Used Online
A List of Common Passwords Used on Real Internet Hacked Accounts Logins
The Most Common Passwords Compile Sources Used In This Report
Some time ago (2009) … the Internet was 'taken by surprise' when a well known bulletin board script's home website was hacked:
- phpBB.com website hacked
(through a vulnerability in an outdated version of a third-party script called PHPList, almost 29.000 accounts were exposed)
As a result, the hackers were able to harvest a list of phpBB users emails and passwords.
This was not unprecedented, as in fact another list of passwords was harvested back in 2006 from MySpace, by some people who used a classical phishing scheme, simply making a copy of MySpace on a different server and waiting for users to login (thus getting their login credentials):
- MySpace phishing attack
(resulting in 34,000 – or even over 47.000 according to other sources – actual user names and passwords)
Warning: I have noticed a very similar trend lately on Skype (August 2010), where recently some Skype accounts were hacked too, then used to send links to all the hacked user's contacts requesting them to login into a phishing copy of Skype's login page to get hold of even more accounts and so forth…
- Skype phishing attack
(similar but with no disclosed reports yet as of how many have been actually hacked)
The above was not used as a Most Common Passwords resource though, due to lack of detailed info…
Last one to be mentioned, is a Christian dating website, whose database was hacked back in 2009:
- db.Singles.org hack
(based on a major security flaw that allowed a group called 4chan to get access – at least partially – to the over 40.000 users accounts and passwords; as the stated claimed number of members on that site was…)
The website used querystring parameters to identify a user and the mode the page displayed in yet allowing it to be put it in edit mode without having to be authenticated.
Further down there are a few thoughts regarding the dangers posed by these few (only the known ones) events, but before that, let's see which was the most used password in these lists?
In my opinion the winner is "123456", closely followed by "password" and their derivatives! But, read on…
Looks like people just don't get it … right?..
I mean … the password distribution analysis that follows shows how ridiculously simple to hack passwords are still used nowadays…
Most Commonly Used Passwords Analysis by Comparison
I won't pretend I ran this password patterns analysis by myself. On the contrary, I aggregated data from several known sources as you could see above. There is a non-exhaustive list of them listed at the bottom of the post though … if you want to read more in depth about all these – but generally the articles are very techie and won't help so much the average Internet user.
I have decided to tell you the story in plain English and simple tables, to see for yourself (an image is better than 1.000 words) – let me show you here a comparison table:
 | ||||
 |  |  |  |  |
 | ||||
To obtain the lists of most common passwords used on each of the three hacked services shown in the table results above, the study author (Jimmy Ruska) used a total of 116.782 hacked passwords lists in his research, as follows:
- MySpace – 47.380 Phishing Login Passwords
- phpBB.com – 28.644 Hacked Account Passwords
- Singles.org – 40.758 Unsecured Plain Text Account Emails Passwords
… although not all of them 'have made it' to the combined lists of
top 20 most common passwords … however,
the results are definitely interesting to analyze.
There are a number of differences derived both from the way these were obtained:
- In the case of the phishing MySpace attacks, some of the users may still have recognized the attempt and could have input fake info, probably more 'vicious' than their real credentials would have been,
- While the other two are definitely extracted from the databases
on the one hand…
…but also due to the website's specificity and/or demographics
on the other hand:
- Singles.org being a Christian dating site, the occurrences of 'emo' and 'biblical' words is much higher, even the 'password' password is pushed one level down by the word 'jesus' – although I suspect in this case it is just another (twisted) variation of using the website's name (instead of 'christian', 'jesus' in this instance, while the others have their own: 'phpbb' and 'myspace1' where we notice the addition of a trailing '1' just because the signup requires a password containing at least one digit)
- MySpace is mainly a teenager's site, hence many of the passwords have something related to teenagers interests, such as sex, love, sports etc…
- phpBB being a forum, it is debatable how strong the passwords are from the start; it is notorious that on such websites, many users just throw some dump credentials in order to get access to tidbits of information otherwise locked out, but never plan to return there and keep the newly created profiles for future use – hence higher occurrences of numeric passwords, or test etc…
All in all, looking at all those commonly used passwords side-by-side, one cannot miss the pattern:
very, very weak security – so easy to guess passwords, that sometimes there is not even worth using a dedicated software to hack such accounts.
Most Common Passwords Letter Frequencies – "A SIN TO ERR"
A very interesting analysis may be conducted on each letter frequency in the most used passwords list.
For an in-depth analysis of the subject, I found a good starting point on this Wikipedia Letter frequencies article, but the said study took me two days to complete (the cryptography related topics are fascinating!) and I think I'd rather resume my findings for your convenience here.
In certain cryptographic techniques used by spies along the history, knowing the frequency of certain letters for a given language was a must.
For English, the most commonly used letters are, in order:
ETAON RISHD LFCMU GYPWB VKXJQ Z
Spies used the following mnemonic phrase to be able to easily recall these:
"A SIN TO ERR" (dropping the last 'R' we get the first 8 most used letters in the English Language, although not necessarily in that exact order…)
However, the first 12 are responsible for over 80% of the total usage, while the first 8 for about 65%…
Given this information, I was very curious about the letter frequencies distribution amongst the most commonly used passwords lists at hand. Analyzing the three lists above, I've got the following results:
 | ||||
 |  |  |  |  |
 | ||||
 |  | |||
 | ||||
 | ||||
You may observe that while the 8 most used letters in the English alphabet should be responsible for a total 65% of the general usage, the rate here is a bit lower (48% only)
But this is obviously due to the nature of the analysis, where the passwords lengths amongst the most used passwords comparison table were usually in the range of 6-8 characters, while the whole English dictionary would contain many longer (as well as shorter) words that would have added some 'meat' to the numbers… in any case, still consistent I'd say.
The obvious conclusions to be drawn from here would be, of course … try to use less frequent letters when you make your passwords folks!
Some more food for thought:
Most Commonly Used Passwords Lists Comparison Conclusions
The studies mentioned above, combined with yet a few others more, have made me draw the following conclusions:
Amongst the most frequently used passwords are simple to guess words or combinations like:
- 'password'
- '123456' or longer '12345678' and variations (like backwards: '654321' or crossed '159753' or '159357')
- variations of the user's firstname – over 16% of all cases!!!
- or the user's spouse or child's firstname,
- or other patterns on the keyboard, like 'qwerty' etc… HUGE … 14%!!!
- many times the user's birthdate
- or frequently names of things in the close vicinity (brand names like 'samsung' for instance, if their monitor would be of that type, etc…)
Even more in-depth analysis may be devised if we should add lazy behaviors of leaving the default usernames and passwords unchanged where they are available (usually exploited by hackers targeting hardware rather than software glitches, for instance routers factory default settings like user/pass combination of admin/admin < extremely frequent!)
While the security of one's passwords and logins are of the utmost importance, IMHO … there are people who would advocate selective passwords strengths for 'some' accounts while 'don't care' style on others…
I see a terrible danger in here!
The Common Passwords Used Multiple Times Threat
The hackers that would get hold of one of your less secure accounts credentials, may very well use those and try to login into other sites as well … and if you happened to use the same password more than once you'd be prone to see this spreading amongst all your profiles on the web, very soon…
Unfortunately this may end up with them getting hold of your main email account and from there there is just one more small step to your PayPal or other payment portals you are using, or your online banking credentials, etc…
For instance, the 4chan group used the login credentials they've got from the Singles.org database to access the same users' FaceBook or Twitter accounts, sending hate/racist or sex related messages to other people on those accounts' contact lists
They have been causing a great deal of embarrassment for the original owners when they were faced with strange accusations.
This happened because those people used the same usernames and logins for many different social networks accounts.
The only sensible thing to do is to use STRONG passwords all the time, different unique passwords for each website – never repeat one! I would also recommend not only to build STRONG passwords by making them longer or whatever, but by using a combination of uppercase with lowercase letters, special signs and digits wherever allowed, to obtain the maximum password strength possible…
If it seems too hard to implement – do not worry!
I found an automatic solution to help you achieve that easily.
I personally use RoboForm – and I have written an informative post about it (from the perspective of the ease of use more than security though … ) here:
☛ RoboForm Filler and Passwords Manager ☚
I strongly encourage you to read that article too and download the RoboForm software as it is a free tool for most purposes …
… although I bought the Pro (paid) version that
suits other advanced uses too
(like automatically completing submission forms
for me whenever I join a memebership site,
like a GiveAway or other similar places
where there are lots of fields to fill)
The 500 most commonly used passwords list and other insights
WARNING:
The following download contains offensive language and words related to sex, hate, racism and more…
This material has been gathered exclusively from the input of real world users and public sources available on the Internet. These have been included solely to give you an insight into the minds of people using them.
I want to impress upon you that they have NOTHING to do with my own views, language, manners or mindset! If you would be upset by reviewing such offensive language and related words, I URGE you:
Please refrain yourself from downloading it!
That having been said … if you are interested to get a copy of the new report I'm preparing relative to the new Internet threats, security issues online and other interesting stuff, INCLUDING the whole table of 250 most commonly used passwords list that came up from the above analysis …
… PLUS (BONUS!!!) a list of the
TOP 500 most common passwords used online
- compiled by whatsmypass.com (a password recovery service) from the requests they've got …
&
The Godzilla Hack (over 32 million accounts from RockYou)
…Please signup for the notification list and
I'll make sure to send it to you ASAP
Preferably subscribe with a Gmail account
- highly recommended! –
to make sure you will be able to securely get
my message swiftly delivered to your Inbox!
 |  |
 |  |
 |  |
 |  |
 |  |
 |  |
 |  |
 |  |
IF you enjoyed "The Most Common Passwords Used For Logins Online" feel free to tweet about it, share on social networks like FaceBook, Digg, etc… and especially leave a comment below – Thank YOU!
"The Most Common Passwords Used For Logins Online" was compiled using the sources notified in the trackbacks.
There is a non-exhaustive bibliography included in the "TOP 500 Most Common Passwords Used Online FREE Report" as well…
Filed under Security Tips by on Sep 3rd, 2010. 9 Comments. 
WPSyndicator WordPress Plugin Backlinking Tool & Traffic Software
WPSyndicator WordPress Plugin | Backlinking Tool
WPSyndicator WordPress Plugin ☚ is a new WP plugin created by Andy Fletcher, the same clever guy behind Backlink Energizer and a lot of other SEO software tools, dedicated both to building and checking backlinks and Google rankings.
WPSyndicator WP Plugin – as the name suggests – will automatically get an excerpt of any new blog post from your WordPress website and it will send it to 15 of the most powerful Web 2.0 properties available nowadays.
Whenever you publish a new post on your blog the following services will be notified and a new backlink will be created on each of them, pointing back to your new content, when the excerpt is published:
 |  |  |  | ||||||
| | ||||||||
| | ||||||||
 | | | |||||||
 |  | | |||||||
 | | ||||||||
| | ||||||||
|  | | | ||||||
 |  | | | ||||||
 | | ||||||||
 | | ||||||||
 | | ||||||||
 | | ||||||||
 | | ||||||||
| | | | | | | | | |
- WordPress
- TypePad
- Blogger
- Vox
- LiveJournal
- Tumblr
- Multiply
- Plurk
- FriendFeed
- Xanga
- Identi.ca
- You are
- Blellow and
- BrightKite
These excerpts will help you both with an answer to the common questions:
- "How To Get Backlinks Automatically To My Blog?"
and also…
- "How To Get More Traffic To Your Blog?"
…because the users of the said
15 services will be teased by the
blog excerpt and will be presented
with a link to continue to read more
on your blog, directly.
Furthermore, the WPSyndicator WordPress Plugin generated excerpts will allow you to change the default "Read more" anchor text into a keyword rich backlink using your preferred keyword as anchor text.
This way, WPSyndicator WordPress Plugin both builds free backlinks and brings free traffic to your blog.
In order to be able to do all these, there is an initial setup process, that can be performed either manually from inside the WPSyndicator WordPress Plugin's dashboard, allowing you to setup all the 15 services with your username and password, or you may simply add your existing accounts details if you've done this before.
Once configured, WPSyndicator WordPress Plugin becomes the mighty powerful automatic backlinking machine and traffic getting software that was intended from the first place, with the ease of 1-click of a button: "Click Here To Syndicate"
WPSyndicator WP Plugin | Updates
However (in the latest update I just downloaded), WPSyndicator WP Plugin's creator Andy Fletcher, added a couple or more new features requested by his beta testers.
As such, WPSyndicator WordPress Plugin will now also syndicate pages and has Web 2.0 auto-syndication capability. This feature is disabled by default in the plugin's interface, but if you want to enable it, WPSyndicator WP Plugin will allow you to.
There is also a handy rate limiting feature added so that you don't get banned from all the Web 2.0 sites for posting too many backlinks, too fast.
The trick here would be to syndicate only a few, maybe maximum 2 posts per day, to avoid being seen as a spammer by the admins of the 15 Web 2.0 sites.
WPSyndicator WordPress Plugin | Benefits
While I see a great advantage of using WPSyndicator WordPress Plugin in conjunction with any autoblogging plugin you may have (see a resource on my blog here: …. ) to:
- automatically build backlinks and
- multiply the value of the said blogs by
- increasing posts rankings and
- building a backlinks network to
- help getting higher page ranks
- beware still… NOT to overdo it.
I suggest you install the WPSyndicator WordPress Plugin on a few blogs (not only one or two) but using the same login credentials. This way, the Web 2.o properties will get excerpts from multiple blogs/domains, making it look more natural.
Now, in conclusion… what would WPSyndicator WordPress Plugin mean to you in terms of benefits and added value to your websites?
WPSyndicator WordPress Plugin | Blog Traffic Software
- More traffic from those who read your material on the Web 2.0 sites and wish to read the rest of your article. They'll gladly click through to your blog to see what else you have to say.
- More subscribers, because once they're there, you will make sure they see your opt-in form, right?
- And of course…
- More backlinks that show the search engines how popular your blog is.
- Finally…
- More sales for you, generated by the traffic boost your blogs will get after installing your own copy of the WPSyndicator WordPress Plugin.
WPSyndicator WordPress Plugin | Installation & Setup
The installation process in itself is as easy as any other WordPress plugin's, with the addition of the necessary setup of the Web 2.0 properties details the first time.
This should take you anything between 30 minutes to an hour, but it depends on how fast you can type and through it all.
But if you get stuck anywhere at all, Andy fletcher added some very handy videos to his WPSyndicator WordPress Plugin, that will guide you through the less obvious spots if needed.
This is truly one of the best new WordPress plugins I've seen released lately. WPSyndicator WordPress Plugin will surely give your blog a traffic boost! It could easily be THAT boost you need to take your blog to the next level.
WPSyndicator WordPress Plugin | Conclusion
WPSyndicator WordPress Plugin Blog Traffic Software will be a MUST for any serious blogger or niche Internet Marketer from now on…
☛ GET Your Copy NOW –⟩ WPSyndicator WordPress Plugin ☚
Did you find this blog post useful? Then why don't you pull me out of my bed and literally 'force' me to write one more... ★★★ Buy Me A Coffee! ★★★ ...and ask for the next topic!
Filed under WP Plugins by on Aug 17th, 2010. 5 Comments.
| |
Get HUNDREDS of Instant Blog SubscribersFREE with No Strings Attached! A $297 value! Get it online now! »» Instant Blog Subscribers ««^ |
Filed under Affiliate Marketing by on Jul 31st, 2010. 1 Comment.
Cherry Picker Software
Perpetual Traffic Report & Perpetual Traffic Formula
Cherry Picker Software Beta – FREE Download
Cherry Picker Software is going to be fully released with the Perpetual Traffic Report Formula, most probably for a $197 price point or so, if we look back at all the other launches of Ryan Deiss – the owner.
But while in BETA, you can download a free copy of Cherry Picker Software for market and keyword research and use its full power to reveal profitable niches or sub-niches (cherries to be picked) on your own market.
As a part of the Perpetual Traffic Report Formula Launch, you will be also entitled to get a free report as a BONUS for getting aboard, along with your own free copy of the Cherry Picker Software.
Cherry Picker Software Video
You may watch now a free video presentation of the Cherry Picker Software from Ryan Deiss himself right from his website:
Ryan Deiss has paid $10k to have this software developed for him IN-HOUSE (as he claims himself) – which may not be the exact figure, yet quite plausible, knowing how time consuming is to fully develop a properly working SEO tool these days (with search engines' algorithms being more and more sophisticated). But Ryan Deiss Products always rock!
So giving him all the credit and kudos for releasing this piece of SEO Software for free in beta, I suggest you go as quickly as possible and grab your own copy of Cherry Picker Software right now, while it's still free to download.
Cherry Picker Software Bonus
Ryan Deiss uses this very software to find weak markets and niche opportunities to directly attack with his "Perpetual Traffic Formula" which – BTW – comes to you along with a FREE PDF Report as a Bonus, too: "Google is Broken".
Both "Cherry Picker Software" and "Google is Broken" report are free at this moment as a part of the "Perpetual Traffic Formula" Launch… but I wouldn't count on that for very long.
Ryan has a long history of other launches – many of which have really shake out violently the Internet Marketing industry so far:
or the world-wide known
or the most recently released
The industry giants like Google and FaceBook still tremble from the effect these reports have had on the online marketing community.
Perpetual Traffic Formula
Perpetual Traffic Formula comes next in line, so right now, Ryan is more than happy to share with us all the insights and secrets he's using for conducting his business to success.
This is a great way to get started and begin making money online, following a proven expert's advice.
All the benefits of the above mentioned will eventually add up in time, but right now, the focus should be on getting on-board fast and take the freebies that Ryan is allowing you to download:
 | ||
|
If you have any questions – or maybe already great results from using your copy of Cherry Picker Software – please share them with us in the comments area below. Although I am still using other keyword research software apart from this one, I can truly say that Ryan Deiss has done a great job with this tool and I highly recommend that you start using your free Cherry Picker Software right away – Enjoy!
Did you find this blog post useful? Then why don't you pull me out of my bed and literally 'force' me to write one more... ★★★ Buy Me A Coffee! ★★★ ...and ask for the next topic!Filed under Software by on Jul 21st, 2010. Comment.
Backlink Energizer WP Plugin Review
Google Backlinks SEO URL Indexing Using Backlink Energizer WP Plugin
Backlink Energizer WP Plugin – A solution to get your Google Backlinks indexed fast and stick so. Google Backlinks are usually harder to reveal, as Google doesn't so easily disclose the indexed backlinks as Yahoo does… However, revealed or not, if there are backlinks indexed, then all should count and add up to your website's might! Backlink Energizer WP Plugin simply multiplies your discovered and indexed backlinks.
Not all the hard built SEO URLs get indexed, though. How sad…
As such, sometimes you just seem to be chasing your own tail (to no avail), although you know how much effort you've spent building your backlinking campaign, right? The obvious solution would then be to take your SEO backlinking techniques one step forward and begin to index your backlinks instead of waiting for Google and its search engine comrades find them naturally. So I came by this excellent piece of SEO software: Backlink Energizer WP Plugin from the people at Backlinks Goldmine. Read more…
Backlink Indexing
Backlink Indexing is a great way to improve the effectiveness of your backlink building efforts. Whether you use Articles, profiles, blogging, guest blogging or other backlink building strategies. Taking steps to get Google to find your links will greatly increase your link efforts value.
- It's one thing to go out and build yourself or hire someone (outsourcing) as a backlink builder to build 100's, even 1,000's of quality backlinks to your money sites and important traffic pages… (Nowadays that's a rather trivial exercise – time or money solves the issue and there's a lot of quality resources!)
- It's quite another issue altogether to get maximum value from those backlinks! Take for instance, profile backlinks (which are all the rage right now) – how many of those, if left alone after being created, will ever find their way into Google's index? If Google never crawls them and indexes them, how are we to get credit for them?
Energized Backlinks Case Study
Energized Backlinks is one backlinks case study I saw recently. It illustrated a 250% increase in links indexed by Google by taking matters in your own hands vs. waiting for Google bot to get around to finding them naturally. The whole concept – based on all the current tools on the market, is to build backlinks to your backlinks on high trafficked web 2.0 sites. I tried improving my odds with the Google bot and big G's index using a couple of the leading tools on the market. Some aspects I liked – other aspects not so much.
My backlink indexing tests
Some systems relied on web 2.0 gatekeeper sites such as Ping.fm, or Posterous, or OnlyWire…to cross post identical content across a dozen web 2.0 sites.
- Problem is – if the gatekeeper site gets wind of it – they're likely to shut it all off. In fact they've been trying to do just that.
- One of the other issues was … having to sort out, and install a PHP script on my hosted server. What if I want to build a rather large network of indexing sites? All going to come off the same IP?
- Easy footprint for web 2.0 admins to track down as the source. So to distance my linking efforts from my money site IP's – I'll need a 2nd hosting account on top of the cost of the application.
- Not to mention the challenges that come with maintaining a server side PHP script for energizing backlink indexing.
Another system I looked into was using web 2.0 sites and RSS feeds of backlinks, and then shortened urls.
- I wasn't sure how post after post of shortened urls on web 2.0 sites was going to last for very long. I suspected those sites using it aggressively would meet certain moderator death.
- Finally, another issue was … will 20 posts a day of nothing but short urls be reliable bait for Google bot to keep coming back – daily? I had already wasted enough time – I didn't feel like taking another flier on what I determined to be questionable SEO and indexation tactics right from the start.
Fortunately, a friend turned me onto one of the coolest SEO WordPress Plugins I've ever used.
Backlink Energizer WP Plugin
Backlink Energizer WP Plugin Developers
Backlink Energizer WP Plugin was developed by the SEO specialists over at Backlink Goldmine. I guess this Andy Fletcher guy is a wizard with PHP and WordPress – and he whipped up this SEO WP plugin to make it as easy as possible for the "non tekkie" marketer to get rapid results.
They buried a bunch of the techno mumbo jumbo into the WordPress publishing engine – and made it Copy'N'Paste easy!
All I had to do was take one of my WordPress blogs and install the plug in.
Backlink Energizer WP Plugin – "How To Use" Steps Guide
Here's what followed… from there it was as easy as 1,2,3…
- Making a post or page in the WordPress interface.
- I pasted a text file list of all my backlinks I wanted to get indexed into my Backlink Energizer WP Plugin interface.
- A few RSS Feeds they supplied, and I made a list of keywords to use for the links back to my backlinks.
- From there I needed to fill in my FREE Web 2.0 blog sites like…
- Vox
- Posterous
- WordPress.com
- Blogger
- Multiply
- LiveJournal
- TypePad Micro, and a
- WordPress blog I hosted myself.
I'd say the whole thing took me less than 1 hr. I think my next install will be only 15-20 minutes though, as I now know exactly what to expect. It really was straightforward and simple – there are just a lot of username – password details to enter.
By far the easiest system for backlink indexation I've seen.
Backlink Energizer WP Plugin Case Study
If my results are only have as good as their case study … I will be more than pleased at this economical price point and ease of use. I will be reporting more on indexed link numbers shortly… You can go have a look at their Backlinks Case Study where they tested 300 backlinks – 150 got Energized with the Backlink Energizer WP Plugin, while 150 did not. 
The results from the Energized Backlinks group were astounding. The Backlink Energizer WP Plugin is worth all the kudos these guys can get, IMHO!
Did you find this blog post useful? Then why don't you pull me out of my bed and literally 'force' me to write one more... ★★★ Buy Me A Coffee! ★★★ ...and ask for the next topic!Filed under WP Plugins by on Jul 14th, 2010. 8 Comments.
Recent Comments