Skip to main content

Do you have a leaky login? Study finds clear patterns in bad passwords

leaky password patterns pdg feature
We Americans make it pretty simple for hackers to break into our email accounts. A recent study of 50,000 leaked emails and passwords showed too many of us still take the easy — and easy to guess — route when choosing passwords, according to CBT Nuggets.

CBT Nuggets analyzed the leaked accounts for root words and easy-to-guess elements. Among other information, the analysis revealed the top 30 most leaked passwords, the total number of passwords leaked by name, age bracket, gender, and even state of residence. The percentage of people who use their own names in their passwords is an astounding 42.1 percent. I mean, come on. The email domains with the most leaked passwords may not surprise you, but the relationship between domains and passwords containing user names might.

Among the 50,000 accounts, of the 30 most common passwords the top 10 were love, star, girl, rock, miss, hell, Mike, John, and baby. Hackers, who have access to more than just one study of leaked info, start by running the most common passwords — if they don’t have to work hard, they won’t complain. CBT Nugget recommends definitely avoiding the most popular passwords and use made up word and letter, number, and special character combinations.

For some reason, people with certain first names are most likely to have their passwords leaked, whether they use their names in their passwords or not. For gender-indicative names (certainly not gender-specific), Mike, Chris, John, Dave or Matt are the top five for males and Jen, Jessica, Sarah, Amanda, and Michelle take the lead for women. Overall, males accounted for 53 percent of the leaked passwords and females 47 percent.

Account holder age mattered, too, with millennials far in the lead. Of the leaked accounts, fully 65 percent were 25-34 years old, followed by 16 percent aged 35-44, and 13.6 percent 21-24. All other age groupings were 2.5 percent or lower.

Within U.S. states, 4.67 leaked passwords per 100,000 residents was the average. Hawaii had the highest average at 38.71 passwords, followed by California with 18.18, and Nevada with 12.42. It’s not looking so good for states with a lot of sunshine, although Florida, while still in the top 15, had an average of 5.22 leaded passwords per 100,000. That might be related to the relative number of password leaky Millennials in the leakier states.

Perhaps the worst password mistake you can make is to use your own name in your password among the top 25 leading offenders, people names Amy used their name either as or part of their password 60 percent of the time, followed by Lisa (59 percent), Scott (56 percent), Mark (54 percent), and Laura (53 percent). Even people named Dave or David — No. 25 on the list — used their name 45 percent of the time.

Yahoo emails accounted for about 48 percent of the leaked accounts, followed by Hotmail and Gmail at 17 percent, and AOL at 7 percent. All others accounted for 10 percent. Even though AOL accounts were the least leaked, the study showed that service had the highest incidence (46 percent) of people using part of their name or username in their passwords.

The bottom line? We all need to be more careful with our email passwords, especially if you’re a millennial named Mike who lives in Hawaii.

Editors' Recommendations