Most common passwords in the Gawker database

This is a Wordle showing the 80 most common passwords from the cracked Gawker database. There are 2090 passwords containing the word ‘password‘ (132 clever people used ‘passw0rd‘). Next is ‘lifehack‘, appearing 680 times and then ‘qwerty‘ at 663.

I haven’t really explored this a great deal, but I saw many numerical passwords that were clearly birthdates and loads of names and short dictionary words. Basically, everything you’re not supposed to use as a password.

[Check the updates at the bottom of this post for more info]

Do you use a password like these?

I collect some good advice on this blog, but the best single thing you could do to really beef up your own online security is start using LastPass. You can install a plugin for every browser on every platform that gives you access to a well encrypted database of all your passwords, enabling you to use a different one for each site. Now all of your passwords can be long and random and much more secure – LastPass will even generate these for you.

LastPass can do much more, like auto-fill forms, but everything you need is available in the free package.

Edited to link to a more detailed analysis by Duo Security:

As with any password dump, one of the most interesting outcomes is the most popular/common passwords chosen by users.  The top 25 most common passwords from our cracking results were:

   2516 123456
   2188 password
   1205 12345678
    696 qwerty
    498 abc123
    459 12345
    441 monkey
    413 111111
    385 consumer
    376 letmein
    351 1234
    318 dragon
    307 trustno1
    303 baseball
    302 gizmodo
    300 whatever
    297 superman
    276 1234567
    266 sunshine
    266 iloveyou
    262 fuckyou
    256 starwars
    255 shadow
    241 princess
    234 cheese

The vast majority (99.45%) of the cracked passwords were alphanumeric and did not contain any special characters or symbols

(via rief Analysis of the Gawker Password Dump – duosecurity.com)

Most notably, Wordle seems to have missed out on the numeric passwords, particularly ‘123456‘, which beats even ‘password‘.

Edited 14.12.2010 to add some more analysis of the passwords from the Wall Street Journal:

How do Gawker Media users express themselves when no one is watching? While many of their passwords are common phrases like “qwerty,” others appear distinctive to the Gawker community. Where else would “f—you,” “blahblah” and “whatever” rank among the most popular passwords? And why, oh why, is “monkey” in the top 10?

[…] users of Google and Yahoo’s email services are more likely than Microsoft email users to have passwords of eight or more characters. Popular passwords vary, as well: Gmail users are bigger X-Files fans (”trustno1″) and more likely to opt for the slightly clever variant “passw0rd.” Yahoo and Microsoft email users, meanwhile, are much more likely to get sappy with their passwords: “iloveyou.”

(via The Top 50 Gawker Media Passwords – blogs.wsj.com)

I think ‘monkey‘ is just a really popular word that most people think of when they are trying to come up with something random. Check out this very familiar list of passwords from the RockYou hack, exactly one year ago (PDF):

Lesson not learned, it seems.

Also, Duo Security have created a special site so you can check the database yourself to see if you ‘got Gawkered‘: didigetgawkered.com

Advertisements

4 thoughts on “Most common passwords in the Gawker database

  1. I’m afraid to say I recognise one of my passwords on that list. Fortunately it’s not something I’ve used for about 7 years and all my passwords these days are numbers, letters and special characters

  2. @irregularshed I used to use a single dictionary word password for non-critical sites, but I’m phasing it out now. Luckily, it’s not a word that seems to be at all common, based on what I’ve seen lately.

Comments are closed.