UK payment provider Dojo analyzed over 6 million passwords from the RockYou2021 GitHub collection of breached password lists. The study uncovered frequently used passwords, their average length, and the popular subjects that appeared in numerous breaches.
Hackers employ various tactics to crack passwords. Brute-force attacks involve automated tools running through millions of potential passwords per second. Similarly, dictionary attacks rely on checking common words and phrases.
Cybercriminals may even scour social media for personal details that could assist in guessing passwords. Other common methods are phishing attacks, where attackers trick users into revealing sensitive information, and password theft through malware.
Type of characters
Dojo’s findings show the type of characters in a password determines its vulnerability. Passwords consisting only of lowercase letters are popular but highly vulnerable. A six-character lowercase password can be cracked instantly, while a seven-character one takes only 0.12 seconds.
Even adding an uppercase letter, number, or special character to a short and predictable password provides limited protection. Passwords starting with an uppercase letter and ending with a special character were frequently discovered in data breaches.
Subjects and themes also played a role in hackable passwords. Dojo’s analysis showed that nicknames and terms of endearment were the basis for passwords over a million times.
What most people like
TV show character names and titles occurred hundreds of thousands of times. Colours, fashion brands, cities, countries, movies, body parts, car brands, pet names, swear words, and video game characters were among the popular topics in breached passwords.
Noteworthy choices among nicknames and terms of endearment included “King,” “Rose,” “Love,” “Boo,” “Hero,” and “Angel.” Common colour-themed passwords were “Red,” “Blue,” “Black,” “Gold,” and “Green.” Video game enthusiasts opted for character names like “Joel” (from The Last of Us), “Q*Bert,” “Link” (from The Legend of Zelda), “Mario” (from Super Mario Bros.), and “Ryu” (from Street Fighter).
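The character-type and theme findings above can be turned into a check that runs when a user picks a password. The following is an added example, not code from Dojo or the study: the guess rate is an assumption derived from the article's 0.12-second figure, the word list is only the sample quoted in the article, and the function names are hypothetical.

```python
import re
import string

# Assumption: guess rate implied by the article's figure (all 7-character
# lowercase passwords exhausted in 0.12 s). Real rates depend on the hash
# algorithm and the hardware used.
GUESSES_PER_SECOND = 26 ** 7 / 0.12

# Theme words quoted in the article; a real deployment would load a full
# breached-password list instead of this short sample.
THEME_WORDS = {"king", "rose", "love", "boo", "hero", "angel", "red", "blue",
               "black", "gold", "green", "joel", "link", "mario", "ryu"}

CLASSES = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
           (string.digits, 10), (string.punctuation, 32)]


def keyspace(password):
    """Size of the search space for the character classes actually used."""
    alphabet = sum(size for chars, size in CLASSES
                   if any(c in chars for c in password))
    return alphabet ** len(password)


def seconds_to_exhaust(password):
    """Time to try every candidate of this length and alphabet."""
    return keyspace(password) / GUESSES_PER_SECOND


def audit(password):
    """Return the weaknesses described in the article that apply."""
    findings = []
    if password.islower() and password.isalpha():
        findings.append("lowercase-only")
    # Capital first, special character last: the predictable decoration.
    if re.fullmatch(r"[A-Z][a-z0-9]*[^A-Za-z0-9]", password):
        findings.append("capital-first-special-last")
    # Strip digits and symbols, then check whether a themed word is the base.
    core = re.sub(r"[^a-z]", "", password.lower())
    if core in THEME_WORDS:
        findings.append("themed-base-word")
    if seconds_to_exhaust(password) < 1:
        findings.append("exhausted-in-under-a-second")
    return findings
```

A password such as "Mario1!" has a large nominal keyspace yet is still flagged twice, because a dictionary attack tries themed words with common decorations long before exhausting the keyspace.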
By understanding the most commonly hacked passwords and the tactics employed by cybercriminals, users can take proactive steps to enhance their online security.