The Sydney Morning Herald has a story up today about a report of the most common passwords (download the report PDF here). The gist is that a lot of people are using overly simple or predictable passwords, which are easy to crack. Here’s the list (the number in brackets is the number of instances of that password being used in the sample of 32 million):

1. 123456 (290,731)

2. 12345 (79,078)

3. 123456789 (76,790)

4. Password (61,958)

5. iloveyou (51,622)

6. princess (35,231)

7. rockyou (22,588)

8. 1234567 (21,726)

9. 12345678 (20,553)

10. abc123 (17,542)

11. Nicole (17,168)

12. Daniel (16,409)

13. babygirl (16,094)

14. monkey (15,294)

15. Jessica (15,162)

16. Lovely (14,950)

17. michael (14,898)

18. Ashley (14,329)

19. 654321 (13,984)

20. Qwerty (13,856)

Now, there are a number of observations we could make here. For instance, the top password was used by 290,731 people, which seems like a lot, but is only 0.00908534375% of the sample. But I guess if you add up the people using easily-guessed numerical sequences, the percentage would be a bit higher.

The observation I can’t help making is that passwords can reveal things about the user’s personality. For instance, people called, or in love with people called, Nicole, Daniel, Jessica, michael, or Ashley, are likely to be less knowledgable about or concerned with computer security. And (assuming these are direct transcriptions), these people don’t like to capitalise the name “Michael”.

We may also observe that these people find the phrase “I love you” is one that springs to mind automatically, when the question is “Please choose a password for your account”. This suggests a lack of intellectual seriousness (joke!).

I’m disappointed but not surprised that a lot of females, plus a few gay males, like to think of themself as a “princess”. I was more confused by the phrase “rock you” being a popular password, until I noted that these samples were all hacked from a website called I dread to think what kind of site that might be.

“babygirl” is presumably a self-given nickname in the same vein as “princess”. “monkey” is more likely to be a nickname for someone else. Or else, as with “I love you”, it’s a verbal expression that seems ready to launch itself at any moment to the surface of consciousness, for reasons I cannot immediately discern.

“Lovely” is a weird choice for a password (especially if it’s deliberately capitalised). I can’t imagine it being the choice of many males who are not highly effeminate. Notice that there are no masculine equivalents in the list, e.g. “terminator”, “rambo”, “hellyeah”, “laydeez”, or, indeed, “ilovepussy”. Either men are cannier with their passwords, or they are the ones who picked all the numerical passwords, or the people who frequent are mostly female, or else there are some males there, but they are completely illiterate.

“Qwerty” was presumably the choice of people who’ve done typing courses, or are interested in the history of the keyboard. What do you think?