Analysis of 2020 Dark Web data reveals the same weak passwords keep being used again and again


Feb. 2, 2021 — Bowie, MD — Just like Phil Connors, Bill Murray’s character in the 1993 film Groundhog Day, is doomed to keep repeating the same things over and over, the same weak passwords keep repeating year over year. That’s the finding of the “Groundhog Day List of the 20 Most Common Passwords of 2020” released today by ID Agent, a Kaseya company and leading provider of Dark Web monitoring and security awareness training solutions. The list was compiled from a scan of nearly 3 million passwords found on the Dark Web in 2020 and includes a breakdown of the most commonly utilized types of passwords such as first names, sports references and famous people or characters which should be avoided to ensure the highest level of password security in 2021 and beyond.

“It’s fitting that our list of the most commonly found passwords on the Dark Web come out on Groundhog Day. Time and time again we see the same weak passwords and password types continue to be the most frequently used – and easily compromised – every year,” said Mike Puglia, chief strategy officer at Kaseya. “The drastic rise in cybersecurity threats in 2020 means that it’s more important than ever for those who still rely on too-easy-to-guess passwords to update them with stronger, more secure versions to ensure sensitive data is safe from bad actors.”

Top 20 Most Common Passwords Found on the Dark Web in 2020:

  1. 123456
  2. password
  3. 12345678
  4. 12341234
  5. 1asdasdasdasd
  6. Qwerty123
  7. Password1
  8. 123456789
  9. Qwerty1
  10. :12345678secret
  11. Abc123
  12. 111111
  13. stratfor
  14. lemonfish
  15. sunshine
  16. 123123123
  17. 1234567890
  18. Password123
  19. 123123
  20. 1234567

Based on analysis of the top 250 passwords found on the Dark Web, the most common types of password choices were: Names, Sports, Food, Places, Animals, and Famous People/Characters. The most common passwords for each type include:

  • Names: maggie
  • Sports: baseball
  • Food: cookie
  • Places: Newyork
  • Animals: lemonfish
  • Famous People/Characters: Tigger

When Phil Connors lists some of the constants in life such as, “Be nice to your sister,” or, “Don’t drive on the railway tracks,” (while he is driving on the railway tracks), he could have added, “Don’t use weak passwords.” When creating or updating your passwords in 2021, ID Agent offers some tips based on analysis of the data provided by the 2020 report. These include:

  • “Phil? Phil Connors?” – Don’t use your name – At least 92 of the top 250 most common passwords found on the Dark Web in 2020 were first names or variations of first names. For a stronger password, ID Agent suggests using a nonsense phrase that only you will know. (Something like Punxsutawney perhaps?)
  • “That about sums it up for me.” – Don’t be as easy as 1,2,3 – 35 of the top 250 most common passwords found on the Dark Web in 2020 included some variation of the sequential “123” – including 12 of the top 20 most common passwords. For a stronger password, ID Agent suggests using a combination of numbers, symbols, and uppercase and lowercase letters.
  • “There is something so familiar about this…” – Don’t recycle when it comes to passwords – 39% of people say most of their passwords across both their work and home applications are identical. For stronger password protection, use a different password for your various log-ins and consider a password manager or two-factor authentication.

In 2020 alone, hackers dropped more than 22 million records on the Dark Web and more than 81% of data breaches during the year were due to poor password security. To help companies combat the financial, reputational and productivity damage caused by breaches, ID Agent’s award-winning Dark Web ID monitoring platform uses human and machine intelligence to scan the Dark Web for passwords, data and other sensitive materials that can put businesses at risk for a cyberattack or data breach.

For more information on the “Groundhog Day List of 20 Most Common Passwords of 2020”, visit: https://www.idagent.com/these-bad-passwords-make-every-day-groundhog-day-for-it-teams. For more information on ID Agent and its products, visit https://www.idagent.com/.