Here I present the top 30 passwords taken from Troy Hunt's haveibeenpwned.com/passwords website, where he provides a great tool and resource to verify whether your password is in a breach disclosed to Have I Been Pwned. He also released the SHA-1 hashes of over half a billion disclosed passwords to be downloaded for our own pleasure. From this I did a quick analysis.
Note that Troy did not release the plaintext passwords, as some contained sensitive material; thus there was a little searching to convert these, but fortunately for us, or unfortunately depending on how you look at it, these were easy to Google/convert (e.g. put the hash into Google and find a match).

It's no surprise that number sequences and keyboard patterns make up the bulk of the list. One outlier was "myspace1", which was identified 707,334 times in breach disclosures. This is likely due to the breach of passwords from the website myspace.com and users choosing "myspace1" to meet minimum password requirements. The infamous "password", "password1", "iloveyou", "monkey", and "dragon" appear in the top 30. People love password monkey dragons! Enjoy!
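The same hash list works as a password blocklist. The sketch below is an added example, not the author's analysis code: it assumes the download is a text file of `HASH:COUNT` lines with uppercase hex SHA-1 digests, the function names are hypothetical, and the sample rows are constructed (only the 707,334 count for "myspace1" comes from the post).

```python
import hashlib

def sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1 of the UTF-8 password (assumed list format)."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def parse_hash_list(lines):
    """Parse 'HASH:COUNT' rows into {hash: count}, skipping malformed rows."""
    counts = {}
    for line in lines:
        digest, sep, count = line.strip().partition(":")
        if not sep or len(digest) != 40 or not count.isdigit():
            continue  # not a 40-hex-char digest followed by an integer
        counts[digest.upper()] = int(count)
    return counts

def breach_count(password: str, counts: dict) -> int:
    """How many times this password appears in the breach corpus."""
    return counts.get(sha1_hex(password), 0)

def is_acceptable(password: str, counts: dict, max_seen: int = 0) -> bool:
    """Policy check at signup or password change: reject known-breached passwords."""
    return breach_count(password, counts) <= max_seen

def top_hashes(counts: dict, n: int):
    """Most frequently breached hashes, highest count first."""
    return sorted(counts.items(), key=lambda kv: kv[1], reverse=True)[:n]

# Constructed sample rows; hashes are computed here rather than copied from
# the real list, and every count except 707334 is made up.
SAMPLE_LINES = [
    f"{sha1_hex(pw)}:{seen}"
    for pw, seen in [("myspace1", 707334), ("password", 900000), ("dragon", 500000)]
] + ["not-a-valid-row"]

if __name__ == "__main__":
    counts = parse_hash_list(SAMPLE_LINES)
    for candidate in ["myspace1", "correct horse battery staple 42"]:
        verdict = "accept" if is_acceptable(candidate, counts) else "reject"
        print(f"{candidate!r}: seen {breach_count(candidate, counts)} times -> {verdict}")
```

Against the full download, stream the file line by line or use a sorted copy with binary search instead of loading half a billion rows into a dictionary.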
Author: I am a Doctoral Scholar at Colorado Technical University and a graduate of the Cyber Security Operations and Leadership program from the University of San Diego. I work in cybersecurity, and have accumulated twenty years in the IT industry. There are few IT roles I have not performed, which gives me great insights into making sense of all the IT confusion.