Most Popular Password Is 123456

  • By Dian Schaffhauser
  • 01/17/18

If you've ever wondered what happens to all of the data in a typical breach, you simply need to peer into the "dark web," the name given to that part of the internet not indexed by the popular search engines and requiring special tools to access. The dark web hosts multiple activities, many of which are perfectly legal and others that aren't, such as markets for buying drugs, guns and, yes, data pulled off computer systems through illegal means.

Recently, researchers at security firm 4iQ reported that they'd found a database of 1.4 billion clear text credentials, an aggregate database twice as large as any other ever uncovered in the dark web. It was discovered, according to an article posted to Medium by CEO Julio Casal, "in an underground community forum." Casal wrote that none of the passwords were encrypted; after testing a "subset," many were verified to be real and still active. The database aggregated the contents from 252 data breaches, including large ones (LinkedIn) and small ones (Bitcoin).

"This database makes finding passwords faster and easier than ever before," wrote Casal. "As an example, searching for 'admin,' 'administrator' and 'root' returned 226,631 passwords of admin users in a few seconds."

Casal included a list of the 40 most commonly used passwords, along with the count of how many times they were discovered in the database. Here are the top 10:

  • 123456, found 9.2 million times;
  • 123456789, found 3.1 million times;
  • qwerty, found 1.66 million times;
  • password, found 1.3 million times;
  • 111111, found 1.3 million times;
  • 12345678, found 1.1 million times;
  • abc123, found 1.1 million times;
  • 1234567, found 970,000 times;
  • password1, found 952,000 times; and
  • 1234567890, found 880,000 times.

Since the original article appeared, Casal's company has provided a link where users can enter their e-mail addresses and receive truncated versions of passwords included in the database tied to that account. If no exposed passwords were uncovered, 4iQ will also let them know that.

"This experience of searching and finding passwords within this database is as scary as it is shocking," Casal said. "Almost all of the users we've checked have verified the passwords we found were true."

About the Author

Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.

Featured

  • stylized illustration of an open laptop displaying the ChatGPT interface

    'Early Version' of ChatGPT Windows App Now Available

    OpenAI has introduced a new ChatGPT Windows desktop app, about five months after the macOS version became available.

  • human figures interacting with a tablet, surrounded by floating geometric maintenance icons and faint outlines of campus elements

    Miami-Dade County Public Schools Rolls Out Facilitron Facility Management Platform

    Miami-Dade County Public Schools (MDCPS) has announced a partnership with facility management systems provider Facilitron. MDCPS has about 350,000 students across 400 campuses and is the 19th Florida school district to use Facilitron’s platform.

  • computer with a red warning icon on its screen, surrounded by digital grids, glowing neural network patterns, and a holographic brain

    Report Highlights Security Concerns of Open Source AI

    In these days of rampant ransomware and other cybersecurity exploits, security is paramount to both proprietary and open source AI approaches — and here the open source movement might be susceptible to some inherent drawbacks, such as use of possibly insecure code from unknown sources.

  • Google Classroom tools

    Google Announces Classroom Updates, New Tools for Chromebooks

    Google has introduced a variety of features across its products for education, announced recently at the 2025 BETT ed tech event in London. Among the additions are enhancements to Google Classroom and new tools for Chromebooks, "designed to help address the diverse needs of students around the world," Google said in a blog post.