Worst passwords in the world revealed

Trustwave’s SpiderLabs recently published details of approximately two million compromised accounts, which included the most common passwords used online.

According to Trustwave’s SpiderLabs they discovered the credentials while investigating a server that cyber criminals use to control a massive network of compromised computers known as the “Pony botnet.”

Most of the compromised web log-ins belong to popular websites and services such as Facebook, Google, Yahoo, Twitter and LinkedIn.

The company released some of the statistics regarding the compromised accounts:

  • 1,580,000 website login credentials stolen
  • 320,000 email account credentials stolen
  • 41,000 FTP account credentials stolen
  • 3,000 Remote Desktop credentials stolen
  • 3,000 Secure Shell account credentials stolen

Most used passwords

Trustwave’s SpiderLabs said that the most commonly used passwords “were far from what your CISO would like to see”.  Here are the most used (worse) passwords:

  1. 123456
  2. 123456789
  3. 1234
  4. password
  5. 12345
  6. 12345678
  7. admin
  8. 123
  9. 1
  10. 1234567
  11. 111111

Overall password strength

Trustwave’s SpiderLabs said that their analysis shows that passwords that use all four character types and are longer than 8 characters are considered “Excellent”. Passwords with four or less characters of only one type are considered “Terrible”.

“Unfortunately, there were more terrible passwords than excellent ones, more bad passwords than good, and the majority, as usual, is somewhere in between in the Medium category,” the company said.

Password strength
Password strength (from Spiderlabs)

The full report is available here

More security news

2 million stolen passwords uncovered

Data spies worry over Snowden’s “doomsday” cache

NATO launches massive cyber-security exercises

Pirate Bay hacker to be handed over

Latest news

Partner Content

Show comments


Share this article
Worst passwords in the world revealed