Stupid and simple passwords from 2018


Throughout 2018 I kept a note of all the passwords encountered across 103 onsite penetration tests I was engaged on or peer-reviewed. From all the passwords, two were extremely memorable.


Posted on 2019-01-04 by Peter Bassill in category News.





4minP4ssword! was without a doubt the best worst password encountered for the Administrator user of a Windows domain. It is quite surprising that this particular password has made a return yet again.

P4ssw0rd! is probably the MOST common password used for initial passwords, with Letmein coming a close second. Yet I encountered the password repeatedly throughout a number of engagements during 2017.

Interestingly, from the pool of passwords gained from the engagements throughout 2018, 11 new passwords were added to my password list out of more than 1,197,000 passwords cracked.

Making better passwords


The National Cyber Security Centre’s advice to use three random words as a passphrase makes great sense, and separating the words with special characters helps make a long, hard-to-break, memorable password. But, while I do not agree with the NCSC's stance on not needing to change the password, I do believe that you would only need to change the password every six months or so.

Top 25 List


The following list is the top 25 lines from my active password list that provide me with the most success on engagements:

1 - Abc123456!
2 - password
3 - P4ssw0rd!
4 - 12345678
5 - Qwerty!
6 - A123456789!
7 - Letmein1!
8 - letmein
9 - 1234567
10 - football
11 - iloveyou
12 - admin
13 - welcome
14 - starwars
15 - 123123123
16 - January2017!
17 - Sept17!!
18 - qazwsx
19 - trustno1
20 - MyPassword1!
21 - LiverpoolFC4thewin!
22 - 1HeartYou!
23 - FuckOff!2017
24 - GoAway!1
25 - Stupid11
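Many of the passwords above share one shape: a common base word or calendar word, leetspeak substitutions, and digit or symbol padding, which is why they pass typical complexity rules. The following added example (not from the original post) is a minimal check for a password-change filter that strips that padding before matching; the function names, the small word lists and the sample passphrase are assumptions constructed for illustration.

```python
import re

# Leetspeak undone before matching: 0->o 1->i 3->e 4->a 5->s 7->t @->a $->s
LEET = str.maketrans("013457@$", "oieastas")
# Small illustrative denylist drawn from the list above (assumption); a
# production filter would load a full breached-password corpus instead.
BASE_WORDS = ("password", "letmein", "qwerty", "football", "iloveyou",
              "admin", "welcome", "starwars", "qazwsx", "trustno")
CALENDAR = {"january", "february", "march", "april", "june", "july",
            "august", "sept", "september", "october", "november",
            "december", "spring", "summer", "autumn", "winter"}


def meets_complexity(pw, min_len=8):
    """Typical complexity rule: length plus upper, lower, digit and symbol."""
    classes = (r"[A-Z]", r"[a-z]", r"\d", r"[^A-Za-z0-9]")
    return len(pw) >= min_len and all(re.search(c, pw) for c in classes)


def weak_reason(candidate):
    """Return why `candidate` is weak, or None if no rule here matches."""
    # Strip leading/trailing digits and symbols: the padding users add
    # to satisfy complexity rules ("Letmein1!" -> "letmein").
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", candidate.lower())
    core = core.translate(LEET)  # "p4ssw0rd" -> "password"
    if len(core) < 4:
        return "digit/symbol padding around little or no word"
    if core in CALENDAR:
        return "calendar word plus year/symbol"
    for word in BASE_WORDS:
        if word in core:
            return f"built on common base word '{word}'"
    return None


if __name__ == "__main__":
    # First five are from the post; the last is a constructed
    # three-random-words passphrase with separators.
    samples = ["4minP4ssword!", "P4ssw0rd!", "January2017!", "Abc123456!",
               "trustno1", "anchor%violin%cactus"]
    for pw in samples:
        print(f"{pw:22} complexity_ok={meets_complexity(pw)!s:5} "
              f"weak={weak_reason(pw)}")
```

A None result only means none of these rules matched; it is not a strength guarantee, so pair the check with a breached-password lookup.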

Check out some of our other blog articles to find out how you can set up a super secure password.

