In its sixth annual Worst Passwords report, SplashData, a provider of various security applications and services, listed the 25 weak and easy-to-guess passwords most frequently posted on various hacker forums and websites.
Here’s the list
The list is based on 5 million leaked passwords, and almost 4% of hacked users used “123456” as their password of choice while more than 10% used another from the list.
Most had a single word password, which is a dream come true for any hacker planning a quick and effective dictionary attack. Using this method, a hacker pretends to be the user and tries to log into their account, using a predetermined set of words or phrases from a list called “dictionary”.
Frequent usage also applies to another group of passwords on the list: sequences. “123456”, “qwerty” or “zaq1zaq1” are key sequences, which means the used symbols are near one another on the physical keyboard. This kind of passwords is another dictionary favorite, but is also susceptible to a brute force attack. This tactic is similar to a dictionary attack, since it also happens on the login screen, but instead of using ready-made lists, a hacker uses a special algorithm which attempts to enter different character combinations until a password match is found (i.e. attacker will try using “1234”, then “12345”, etc.).