
Common Passwords & Phrases: Lists to Avoid

TL;DR

Yes, there are several publicly available lists of commonly used passwords and passphrases. Using these (or variations of them) makes your accounts much easier to crack. This guide shows you where to find those lists and how to check if *your* password is weak.

How to Find Common Password Lists

  1. Have I Been Pwned? (HIBP): This website (https://haveibeenpwned.com/) doesn’t directly provide a list, but it shows you if your password has been seen in data breaches. Crucially, they publish the *most common* passwords found in those breaches.
  2. Troy Hunt’s Password Lists: Troy Hunt (the creator of HIBP) regularly publishes lists derived from breached datasets. You can find them on GitHub:
  3. SecLists: This is a comprehensive collection of passwords, usernames, and other information useful for security testing. It includes many common password lists.
  4. Password Cracking Tools: Many password cracking tools (like Hashcat or John the Ripper) come with built-in wordlists containing common passwords.

Checking Your Password Strength

Simply knowing lists exist isn’t enough. You need to check if *your* password is on them.

  1. HIBP’s Pwned Passwords Checker: The easiest way.
    • Go to https://haveibeenpwned.com/Passwords
    • Enter your password (it’s hashed before being checked, so HIBP doesn’t see it in plain text).
    • If it appears in a breach, change it immediately!
  2. Using `grep` on Password Lists (Technical): If you have downloaded a password list from SecLists or GitHub, you can use the command line to search for your password.
    grep -iFx 'yourpassword' rockyou.txt

    Replace 'yourpassword' with your actual password and rockyou.txt with the filename of the list. The -i flag makes the search case-insensitive, -F treats the password as a literal string rather than a regular expression (so characters like . * or $ in it are not misinterpreted), and -x reports only whole-line matches, so a list entry that merely contains your password as a substring is not counted as a hit. Be aware that a password typed on the command line is saved in your shell history; remove that entry afterwards.

  3. Online Password Strength Testers: Several websites offer password strength testing.
    • Be cautious about entering your *actual* password into these sites, as some may not be trustworthy. Look for reputable testers with clear privacy policies.
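How the HIBP Pwned Passwords check above keeps your password off the wire, shown as an added Python example that is not the page's or HIBP's own code: only the first five hex characters of the password's SHA-1 hash are sent (the real service answers such prefix queries at https://api.pwnedpasswords.com/range/<prefix>), the matching is done locally against the returned suffixes, and `in_local_list` does the same job as the `grep -iFx` search against a downloaded list. The range reply and word list below are constructed stand-ins, not real service output.

```python
import hashlib

# Constructed stand-in for the service's reply to the prefix 5BAA6.
# Format is one "<35-hex-char suffix>:<breach count>" per line; the first and
# last suffixes and all counts are made up, the middle suffix completes the
# real SHA-1 of "password".
SAMPLE_RANGE_5BAA6 = """\
0D9C1E4BD1F8B2A9F3C7E5D6A4B3C2D1E0F:2
1E4C9B93F3F0682250B6CF8331B7EE68FD8:9545824
2A7F0B1C3D4E5F60718293A4B5C6D7E8F90:1
"""

# Constructed mini word list standing in for a file such as rockyou.txt.
SAMPLE_WORDLIST = ["123456", "password", "iloveyou", "qwerty"]


def hash_split(password: str) -> tuple[str, str]:
    """Split the upper-case SHA-1 hex digest into the 5-char prefix that is
    sent to the service and the 35-char suffix that never leaves the client."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def pwned_count(password: str, range_reply: str) -> int:
    """Look for our suffix in the reply for our prefix. Returns the number of
    times the password was seen in breaches, or 0 if it is not listed."""
    _, suffix = hash_split(password)
    for line in range_reply.splitlines():
        line = line.strip()
        if ":" not in line:
            continue  # skip blank or malformed lines
        candidate, count = line.split(":", 1)
        if candidate == suffix:
            return int(count)
    return 0


def in_local_list(password: str, wordlist_lines) -> bool:
    """Offline equivalent of `grep -iFx`: exact, case-insensitive line match."""
    target = password.casefold()
    return any(line.rstrip("\r\n").casefold() == target for line in wordlist_lines)


if __name__ == "__main__":
    prefix, _ = hash_split("password")
    print("prefix sent to HIBP:", prefix)  # the rest of the hash stays local
    print("seen in breaches:", pwned_count("password", SAMPLE_RANGE_5BAA6))
    print("in local list:", in_local_list("PASSWORD", SAMPLE_WORDLIST))
```

A real client fetches the reply for its own prefix before calling `pwned_count`; a password whose prefix is not 5BAA6 must not be checked against this sample reply.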

Common Passphrases to Avoid

Besides single words, common phrases are also easily cracked.

  • Dates of birth (e.g., 19850723)
  • Names of family members or pets
  • Common English phrases (e.g., “password”, “iloveyou”, “qwerty”)
  • Keyboard patterns (e.g., “123456”, “abcdefg”)

Improving Your Password Security

  1. Length is key: Aim for at least 12 characters, preferably more.
  2. Use a password manager: This generates and stores strong, unique passwords for each account.
  3. Mix it up: Combine uppercase letters, lowercase letters, numbers, and symbols.
  4. Avoid personal information: Don’t use anything easily associated with you.
  5. Use passphrases instead of passwords: A long, random phrase is much harder to crack than a short password.
    Example: red bicycle elephant umbrella window
  6. Enable Multi-Factor Authentication (MFA): Adds an extra layer of security.