This is a follow up list to the top 200 worst passwords which we have HERE. This list shows the top 25 most common worst passwords used in the United States. This list was compiled by looking at recently hacked website information and filtering it by country; in this case the United States.
We also took the extra step of putting this information into an algorithm that estimates how log it will take to crack each of these bad passwords. This is done through what’s called a brute force attack in which a hacker uses a list of thousands of known passwords, and tries each one of them, one at a time, until he succeeds. Brute force attacks could be easily defeated by either:
- using requiring two factor authentication (2FA/MFA) or
- limiting the number of failed attempts to three or four, before locking the account
Because Florida was the only state name in the top 25 list, it appears that much of the data we were analyzing had users in that state, which likely skewed the results. We suggest that using any of the state names, or province names, or territories as a password is a bad idea.
|Most Common Worst Password Rank||Password||Time To Crack|