The Top 50–Cracked Passwords

Source: https://blogs.wsj.com/digits/2010/12/13/the-top-50-gawker-media-passwords/

 

Readers of Gizmodo, Lifehacker and other Gawker Media sites may be among the savviest on the Web, but the most common password for logging into those sites is embarrassingly easy to guess: “123456.” So is the runner-up: “password.”

On Sunday night, hackers posted online a trove of data from Gawker Media’s servers, including the usernames, email addresses and passwords of more than one million registered users. The passwords were originally encrypted, but 188,279 of them were decoded and made public as part of the hack. Using that dataset, we found the 50 most-popular Gawker Media passwords:

clip_image001e

How do Gawker Media users express themselves when no one is watching? While many of their passwords are common phrases like “qwerty,” others appear distinctive to the Gawker community. Where else would “f—you,” “blahblah” and “whatever” rank among the most popular passwords? And why, oh why, is “monkey” in the top 10?

At least two popular passwords are science-fiction references: “trustno1″ was Special Agent Mulder’s password on “The X-Files,” and “thx1138″ is a George Lucas film that envisioned a dystopian future. (There’s no way to tell, but these were likely created by users of  io9, Gawker Media’s popular  sci-fi site.) Other popular passwords are just plain-old geeky: “dragon,” “superman,” “princess,” “starwars” and “nintendo.” W00t!

The set of Gawker Media passwords differs significantly from a cache of 10,000 Hotmail passwords that leaked online last year, though “123456″ was the most popular among both groups. In both cases, the datasets only include passwords that could be decoded and aren’t necessarily representive of all users. For instance, more complex passwords may be harder to decode. We eliminated all identifiable information from the data we studied.

clip_image002

A plurality of Gawker Media passwords are six characters long, but we wondered whether that and other results might differ based on the user’s email provider. Indeed, users of Google and Yahoo’s email services are more likely than Microsoft email users to have passwords of eight or more characters. Popular passwords vary, as well: Gmail users are bigger X-Files fans (”trustno1″) and more likely to opt for the slightly clever variant “passw0rd.” Yahoo and Microsoft email users, meanwhile, are much more likely to get sappy with their passwords: “iloveyou.”

clip_image003

By this evening, Gawker Media said it had sent nearly 1.5 million emails to users notifying them of the hack. Slate put together a great tool for checking whether your information was compromised. And one of the best guides to creating a strong password (hint: not “123456″) is available on Lifehacker, a Gawker Media site.