Top 10 Most Common Passwords – Yahoo Leak

Most Common passwords to avoid!

We’ve all heard about the Yahoo data breach leaving 500 million customers at risk. A list of the 10 most common passwords was compiled from analysis of the leaked data by researchers from the University of Lancaster, Peking University and Fujian Normal University. By examining obsolete accounts from the leaked Yahoo database, they created an algorithm to guess the passwords. Amazingly, they achieved a 73% success rate.

The 10 most common passwords used to protect Yahoo accounts were as follows:

  1. 123456
  2. password
  3. welcome
  4. ninja
  5. abc123
  6. 123456789
  7. 12345678
  8. sunshine
  9. princess
  10. qwerty

Not surprisingly, the two most popular on the list mirror the findings from many articles on worst passwords.

Dr Jeff Yan, a senior computing lecturer at the University of Lancaster, and co-author of a paper on password cracking, told the Daily Mail Online:

“Why do some use obvious passwords? A main reason I think is that they’re either unaware of or don’t understand the risks of online security.”

The study also found that many passwords consisted of combinations of users’ names, ages and birth dates. The researchers surmised that hackers are not only using generic passwords to guess their way into accounts: with access to just a few personal details, hackers could guess the passwords of a large proportion of accounts, a problem which is currently vastly underestimated.

What needs to be done?

Research like this should be a wake-up call: we shouldn’t be making it so easy for criminals. The study underlined the need for people to vary passwords across accounts. Reusing the same password, or variations of it, across numerous sites leaves you more vulnerable to further accounts being compromised.

The paper furthermore highlights the need for internet service providers to step in and take some responsibility, in terms of reviewing and improving the security measures they have in place to detect and eliminate online guessing:

“Existing password creation rules and strength meters take no account of the targeted online guessing threat, which is increasingly more damaging and realistic.”

In our experience, to make a strong password we’d recommend using a mixture of numbers and upper and lower case letters (but not abc123, which made it to number 5 on the list!), with a few symbols thrown in for good measure. Make each password unique and don’t make it easy for hackers: the longer and more complex the password, the harder it is for hackers to crack.
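As an added example (not code from the study or from this article), here is a sign-up check that rejects the ten passwords listed above and any password built from the user's own details, the targeted-guessing case the paper says strength meters ignore. The profile field names, the ISO birth-date format, the suffix-stripping rule and the sample profile are assumptions made for illustration.

```python
import re

# The ten most common passwords listed in the article above.
COMMON_PASSWORDS = {
    "123456", "password", "welcome", "ninja", "abc123",
    "123456789", "12345678", "sunshine", "princess", "qwerty",
}

# Constructed sample profile; the field names are hypothetical.
SAMPLE_PROFILE = {
    "first_name": "Alice", "last_name": "Zhang",
    "username": "azhang88", "birth_date": "1988-04-12",
}


def personal_tokens(profile):
    """Lowercase strings derived from the user's own details."""
    tokens = set()
    for key in ("first_name", "last_name", "username"):
        value = (profile.get(key) or "").lower()
        if len(value) >= 3:  # skip very short names to limit false hits
            tokens.add(value)
    # Assumption: birth date is stored as YYYY-MM-DD.
    match = re.fullmatch(r"(\d{4})-(\d{2})-(\d{2})", profile.get("birth_date") or "")
    if match:
        y, m, d = match.groups()
        tokens.update({y, m + d, d + m, y[2:] + m + d,
                       d + m + y[2:], d + m + y, y + m + d})
    return tokens


def screen_password(password, profile):
    """Return the reasons to reject a password; an empty list means accept."""
    reasons = []
    lowered = password.lower()
    # Also catch a listed password with digits or symbols appended.
    stripped = lowered.rstrip("0123456789!@#$%.")
    if lowered in COMMON_PASSWORDS or stripped in COMMON_PASSWORDS:
        reasons.append("common")
    if any(token in lowered for token in personal_tokens(profile)):
        reasons.append("personal")
    return reasons


if __name__ == "__main__":
    for candidate in ("Sunshine", "Alice1988!", "password1!", "correct-horse-battery-7"):
        print(candidate, screen_password(candidate, SAMPLE_PROFILE))
```

A check like this complements, rather than replaces, rate limiting and lockout on the login endpoint, since the paper's concern is online guessing.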
