Skip to main content

123456: Adobe hack highlights people’s penchant for crap passwords

username and password shutterstock

Despite the endless warnings, despite all the advice, despite the plethora of useful articles on the matter, it seems computer users everywhere just can’t help creating really crap passwords.

Analysis of user passwords gathered from the recent Adobe attack reveal a Top 20 list full of easy-to-remember but equally easy-to-guess passwords, with “123456” topping the chart.

The Adobe hack affected 38 million accounts, though this figure relates only to active users. The security breach actually hit more than 150 million accounts, though most are no longer used.

Adobe has changed passwords on affected accounts and contacted users to let them know how to reset their account with a personally chosen password. It also instructed users to change their passwords on any other website where they may have used the same user ID and password as their Adobe account.

Some of the stolen data has started to show up across the Web, with Internet security researcher Jeremi Gosney uncovering a mass of passwords, despite the US software giant saying they were protected by encryption. However, an Adobe spokesperson said last week that up to now there have been no reports of suspicious activity on user accounts affected by the security breach.

Now that you know “123456” topped the list of 1.9 million passwords, perhaps you can guess what came in at number 2…..“123456789”. Number 3 will be enough to make any Web security advisor consider giving up the day job in despair: “password”.

Crap passwords

Here are the rest of the top 20 most popular passwords gathered from the Adobe hack: adobe123 / 12345678 / qwerty / 1234567 / 111111 / photoshop / 123123 / 1234567890 / 000000 / abc123 / 1234 / adobe1 / macromedia / azerty / iloveyou / aaaaaa / 654321

The thing is, if someone uses a number like “123456” for their password on one site, it’s a safe bet they use the same number on all the websites for which they have accounts, as you’d only get confused if you had a different number for each site – unless, of course, you keep all your passwords in a big red notebook with “MY PASSWORDS” written on the front. And those who have “adobe123” as their password no doubt also use “facebook123”, “twitter123”….you get the idea.

Gosney says that he’s currently unable to verify the passwords he uncovered, though he’s “fairly confident” of the list’s accuracy. To find out more about how he collected the data, and to see the top 100 passwords as selected by Adobe users, click here.

Meanwhile, if, after looking through the list above, a bead of sweat has formed on your brow as you start to realize how ridiculously simple your passwords are (or should we say “password is”?), then check out this article to find out how to create something a little more secure. Or get an app to help you.

Editors' Recommendations

Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
Report shows many web surfers are still using ‘123456’ as their password
A password screen with an indecipherable password inputted.

For some reason, many web surfers accessing the internet don’t appear to be listening. Despite warnings by experts and countless reports of hacking, identity theft, online fraud, and more, there are people still using “123456” as a password. That simple sequence of numbers reigns king on the new top 100 worst passwords list of 2017.

According to numbers provided by SplashData, the use of “123456” as the No. 1 bad password hasn’t changed in years. The firm provides its list of the top 100 worst passwords each year, and shows that “123456” officially unseated “password” from the top spot in 2013. Since then, 123456 remains at the top of the list followed by “password” and several other common words and numbers.

Read more
You might be among those hit by the Equifax hack. How will you protect yourself?
Close-up of hands on a laptop keyboard in a dark room.

Equifax, one of the big three credit monitoring bureaus -- along with TransUnion and Experian -- gathers information on basically every American with a credit card in order to determine their credit-worthiness and keep track of their credit histories. As you've probably heard by now, Equifax suffered a massive hack recently, and for some 143 million Americans, the sensitive personal information contained in those credit reports is now compromised.

Their information -- your information -- might be out there among the treasure trove of stolen information hackers made off with. There's not much you can do about it, but there are a few steps you can take to protect yourself from something like the Equifax hack. So, how will you protect yourself and your credit from falling prey to internet criminals hungry for a slice of your credit?

Read more
Man responsible for strong password requirements regrets his 2003 guidelines
strong password

The man responsible for your requirement to use a combination of lower-case letters, upper-case letters, numbers, and symbols in passwords at least eight characters long is now regretting his advice. Former National Institute of Standards and Technology manager Bill Burr recently admitted in an interview with The Wall Street Journal that his 2003 document about crafting strong passwords and changing them every 90 days was somewhat off the mark.

At the time, he said that users will choose an easily remembered, easily guessed password, and likely one stemming from a batch of “a few thousand commonly chosen passwords.” In turn, hackers trying to gain access to user accounts, computers, and so on would try the most likely chosen passwords first. But even though services would reject specific passwords given their common use, Burr suggested a more secure alternative.

Read more