We’ve all been there. You’re signing up for a new streaming service, a forum, or an online store. The screen prompts: “Create a password.”
| Rank | Password | Time to Crack | |------|----------------|---------------| | 1 | password | < 1 sec | | 2 | admin | < 1 sec | | 3 | 123456 | < 1 sec | | 4 | iloveyou | < 1 sec | | 5 | football | < 1 sec | | 6 | baseball | < 1 sec | | 7 | dragon | < 1 sec | | 8 | master | < 1 sec | | 9 | sunshine | < 1 sec | | 10 | ashley | < 1 sec | | 11 | monkey | < 1 sec | | 12 | superman | < 1 sec | | 13 | letmein | < 1 sec | | 14 | trustno1 | < 1 sec | | 15 | michael | < 1 sec | Even adding 2024 or ! to the end of these words does almost nothing. Hackers have rule-sets that try Dragon1 , Dragon! , Dragon2024 in under a second. The Fallacy of “Leet Speak” (e.g., p@ssw0rd ) You might think, “I’ll just replace ‘a’ with ‘@’ and ‘o’ with ‘0’.” Sorry to break it to you, but cracking tools have included leet speak substitutions for over a decade. password words list
Have you ever had an account hacked because of a weak password? Share your story (anonymously) in the comments—it might help someone else avoid the same trap. We’ve all been there