Following up on a recent spate of attacks that exploited weak passwords on Windows servers, researchers have compiled a list of commonly used passwords that are alarmingly easy to brute force.
Last month, cybersecurity company Guardicore revealed it had discovered a resurgence in Purple Fox malware. Attackers were compromising Windows machines via a new infection vector, brute forcing into internet-connected Windows servers.
Expanding upon this work, researchers from password management and authentication solution vendor Specops Software deployed a global honeypot system to determine the weakest passwords and strengthen its Breached Password Protection list.
- We’ve also rounded up the best business password managers
- Shield yourself with these best identity theft protection services
- Secure your credentials with one of the best security keys
According to its analysis, "123" (used 842 times), "Aa123456" (used 801 times) and "password" (used 640 times) were the top three most commonly used passwords, despite the abundance of password generators available.
Weakest link
In all, Specops studied more than 250,000 attacks over a month to compile a list of the most commonly used passwords.
“The data tells us that these passwords are weak and again the password is the weakest link in IT security,” said Thorbjörn Sjövold, Head of Research at Specops Software.
In addition to the top three, "1qaz2wsx", "12345678", "a123456", "password1", "abc123", and "111111111" round out the top ten.
- These are the best identity theft protection tools
