Saturday, February 13, 2010

Top 500 worst Passwords of all time

These are the top 500 worst passwords you could possibly use. The following list is from Mark Burnett's 2005 book Perfect Passwords: Selection, Protection, Authentication, in which he compiled the passwords most commonly used by people all over the internet. The list is now five years old, this being 2010, but it still matters. The trend may have shifted a little as internet users have become more aware of security issues, but even today most people still use some of these passwords.

Crackers use such lists of commonly used passwords to break into their targets' accounts using a technique called brute forcing. This technique essentially involves trying out different password combinations for an account, as if you were 'guessing' your way in; that's where the term 'brute force' comes from. The only difference is that nothing is done manually: brute forcing tools do the work. A list of guessable passwords, called a 'hacker dictionary file', is fed to the brute forcing tool, automating the guessing process. Brute forcing with a dictionary file is also known as a dictionary attack. A hacker dictionary file can also be a collection of words from the standard dictionary. Well known examples of dictionary attack software tools include:
As said above, these techniques rely on dictionary files that contain lists of the common words people use as passwords, so staying away from these words and their derivatives is very important. Below is a small excerpt and the list of the 500 worst passwords that one could possibly have, compiled by Mark Burnett.

From the moment people started using passwords, it didn't take long to realize how many people picked the very same passwords over and over. Even the way people misspell words is consistent. In fact, people are so predictable that most hackers make use of lists of common passwords just like these. To give you some insight into how predictable humans are, the following is a list of the 500 most common passwords. If you see your password on this list, please change it immediately. Keep in mind that every password listed here has been used by at least hundreds if not thousands of other people.
There are some interesting passwords on this list that show how people try to be clever, but even human cleverness is predictable. For example, look at these passwords that I found interesting:
ncc1701: The ship number for the Starship Enterprise
thx1138: The name of George Lucas's first movie, a 1971 remake of an earlier student project
qazwsx: Follows a simple pattern when typed on a typical keyboard
666666: Six sixes
7777777: Seven sevens
ou812: The title of a 1988 Van Halen album
8675309: The number mentioned in the 1982 Tommy Tutone song. The song supposedly caused an epidemic of people dialing 867-5309 and asking for "Jenny"
"...Approximately one out of every nine people uses at least one password on the list shown in Table 9.1! And one out of every 50 people uses one of the top 20 worst passwords.."
Lists the top 500 worst passwords of all time, not considering character case. Don’t blame me for the offensive words; you were the ones who picked these, not me.
NO | Top 1–100 | Top 101–200 | Top 201–300 | Top 301–400 | Top 401–500
1 | 123456 | porsche | firebird | prince | rosebud
2 | password | guitar | butter | beach | jaguar
3 | 12345678 | chelsea | united | amateur | great
4 | 1234 | black | turtle | 7777777 | cool
5 | pussy | diamond | steelers | muffin | cooper
6 | 12345 | nascar | tiffany | redsox | 1313
7 | dragon | jackson | zxcvbn | star | scorpio
8 | qwerty | cameron | tomcat | testing | mountain
9 | 696969 | 654321 | golf | shannon | madison
10 | mustang | computer | bond007 | murphy | 987654
11 | letmein | amanda | bear | frank | brazil
12 | baseball | wizard | tiger | hannah | lauren
13 | master | xxxxxxxx | doctor | dave | japan
14 | michael | money | gateway | eagle1 | naked
15 | football | phoenix | gators | 11111 | squirt
16 | shadow | mickey | angel | mother | stars
17 | monkey | bailey | junior | nathan | apple
18 | abc123 | knight | thx1138 | raiders | alexis
19 | pass | iceman | porno | steve | aaaa
20 | fuckme | tigers | badboy | forever | bonnie
21 | 6969 | purple | debbie | angela | peaches
22 | jordan | andrea | spider | viper | jasmine
23 | harley | horny | melissa | ou812 | kevin
24 | ranger | dakota | booger | jake | matt
25 | iwantu | aaaaaa | 1212 | lovers | qwertyui
26 | jennifer | player | flyers | suckit | danielle
27 | hunter | sunshine | fish | gregory | beaver
28 | fuck | morgan | porn | buddy | 4321
29 | 2000 | starwars | matrix | whatever | 4128
30 | test | boomer | teens | young | runner
31 | batman | cowboys | scooby | nicholas | swimming
32 | trustno1 | edward | jason | lucky | dolphin
33 | thomas | charles | walter | helpme | gordon
34 | tigger | girls | cumshot | jackie | casper
35 | robert | booboo | boston | monica | stupid
36 | access | coffee | braves | midnight | shit
37 | love | xxxxxx | yankee | college | saturn
38 | buster | bulldog | lover | baby | gemini
39 | 1234567 | ncc1701 | barney | cunt | apples
40 | soccer | rabbit | victor | brian | august
41 | hockey | peanut | tucker | mark | 3333
42 | killer | john | princess | startrek | canada
43 | george | johnny | mercedes | sierra | blazer
44 | sexy | gandalf | 5150 | leather | cumming
45 | andrew | spanky | doggie | 232323 | hunting
46 | charlie | winter | zzzzzz | 4444 | kitty
47 | superman | brandy | gunner | beavis | rainbow
48 | asshole | compaq | horney | bigcock | 112233
49 | fuckyou | carlos | bubba | happy | arthur
50 | dallas | tennis | 2112 | sophie | cream
51 | jessica | james | fred | ladies | calvin
52 | panties | mike | johnson | naughty | shaved
53 | pepper | brandon | xxxxx | giants | surfer
54 | 1111 | fender | tits | booty | samson
55 | austin | anthony | member | blonde | kelly
56 | william | blowme | boobs | fucked | paul
57 | daniel | ferrari | donald | golden | mine
58 | golfer | cookie | bigdaddy | 0 | king
59 | summer | chicken | bronco | fire | racing
60 | heather | maverick | penis | sandra | 5555
61 | hammer | chicago | voyager | pookie | eagle
62 | yankees | joseph | rangers | packers | hentai
63 | joshua | diablo | birdie | einstein | newyork
64 | maggie | sexsex | trouble | dolphins | little
65 | biteme | hardcore | white | 0 | redwings
66 | enter | 666666 | topgun | chevy | smith
67 | ashley | willie | bigtits | winston | sticky
68 | thunder | welcome | bitches | warrior | cocacola
69 | cowboy | chris | green | sammy | animal
70 | silver | panther | super | slut | broncos
71 | richard | yamaha | qazwsx | 8675309 | private
72 | fucker | justin | magic | zxcvbnm | skippy
73 | orange | banana | lakers | nipples | marvin
74 | merlin | driver | rachel | power | blondes
75 | michelle | marine | slayer | victoria | enjoy
76 | corvette | angels | scott | asdfgh | girl
77 | bigdog | fishing | 2222 | vagina | apollo
78 | cheese | david | asdf | toyota | parker
79 | matthew | maddog | video | travis | qwert
80 | 121212 | hooters | london | hotdog | time
81 | patrick | wilson | 7777 | paris | sydney
82 | martin | butthead | marlboro | rock | women
83 | freedom | dennis | srinivas | xxxx | voodoo
84 | ginger | fucking | internet | extreme | magnum
85 | blowjob | captain | action | redskins | juice
86 | nicole | bigdick | carter | erotic | abgrtyu
87 | sparky | chester | jasper | dirty | 777777
88 | yellow | smokey | monster | ford | dreams
89 | camaro | xavier | teresa | freddy | maxwell
90 | secret | steven | jeremy | arsenal | music
91 | dick | viking | 11111111 | access14 | rush2112
92 | falcon | snoopy | bill | wolf | russia
93 | taylor | blue | crystal | nipple | scorpion
94 | 111111 | eagles | peter | iloveyou | rebecca
95 | 131313 | winner | pussies | alex | tester
96 | 123123 | samantha | cock | florida | mistress
97 | bitch | house | beer | eric | phantom
98 | hello | miller | rocket | legend | billy
99 | scooter | flower | theman | movie | 6666
100 | please | jack | oliver | success | albert

The two entries for zeroes are a spreadsheet formatting error. A spreadsheet like MS Excel won't distinguish between 0000 and 0000000 when they are entered in a cell under default formatting; it automatically treats both as 0 (that's natural mathematics!).

Brute forcing tools and techniques are also used as a security measure, to check the strength of user passwords. While we may never know whether these password lists are being used by crackers and hackers or by security professionals, it's always recommended that we use a password that is difficult to guess, combining uppercase and lowercase letters and numbers, and that we change it periodically without repeating old ones. After all, hackers won't be limited to this 500-word list; they have thousands of them. Better safe than sorry :)
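
A defensive use of the list, as an added example rather than code from the original post or from Burnett's book: a password-change check that rejects entries from the list regardless of case, along with simple derivatives and the repeated-character and keyboard-pattern styles noted in the excerpt. The `COMMON` sample, the `LEET` substitution map, the `WALKS` patterns and the function names are assumptions made for illustration.

```python
import re

# Constructed sample drawn from the table above; load the full list in practice.
COMMON = {"123456", "password", "12345678", "qwerty", "dragon", "letmein",
          "monkey", "abc123", "trustno1", "ncc1701", "thx1138", "qazwsx",
          "ou812", "8675309", "iloveyou"}

# Assumed substitution map for undoing common character swaps ("p@ssw0rd").
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "$": "s",
                      "5": "s", "7": "t", "@": "a", "!": "i"})

# Keyboard rows and one column walk, plus their reversals (assumed patterns).
WALKS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm",
         "qazwsxedcrfvtgbyhnujmikolp"]
WALKS += [w[::-1] for w in WALKS]


def normalized_forms(password):
    """Return the case-folded password and its likely base-word forms."""
    base = password.lower()                    # the list ignores character case
    trimmed = re.sub(r"[\d\W_]+$", "", base)   # "Dragon2010!" -> "dragon"
    forms = {base, trimmed, base.translate(LEET), trimmed.translate(LEET)}
    return {f for f in forms if f}             # drop empty strings


def weakness(password):
    """Return a reason string if the password is guessable, else None."""
    hit = normalized_forms(password) & COMMON
    if hit:
        return "common password or derivative: " + sorted(hit)[0]
    base = password.lower()
    if re.fullmatch(r"(.)\1+", base):          # e.g. 666666, aaaaaa
        return "single repeated character"
    if len(base) >= 4 and any(base in w for w in WALKS):
        return "keyboard walk"
    return None


if __name__ == "__main__":
    for pw in ["PASSWORD", "P@ssw0rd1", "Dragon2010!", "7777777",
               "zxcvbnm", "correct horse battery staple"]:
        print(repr(pw), "->", weakness(pw))
```

Passing this check does not make a password strong; it only rules out the guesses a dictionary attack would try first.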

You may download a free brute force tool called John the Ripper from here.
Dictionary files can be found below:
Oxford University Wordlist (ftp)
The Argon wordlist
