“Love,” “Star,” and “Girl” the Most Common Words Used in Leaked Passwords, Reveals Study

December 12, 2017 2:46 pm David Bisson

A new study has revealed that “love,” “star,” and “girl” were among the most common words used in leaked passwords.

For their analysis, researchers at IT training provider CBT Nuggets examined 50,000 leaked emails and passwords using the fullcontact.com API. Those credentials gave them information on the affected users’ genders, ages, names, and locations.

The team found that several words occurred across their pool of compromised combinations. “Love,” “star,” “girl,” and “angel” were the most common, followed by “rock,” “miss,” and “hell.”

But that’s not even the worst of it. CBT Nuggets explains in a blog post:

“If using personal data in a password is a big no-no, using your own name is an even worse mistake….

“Although many users know that name-password combinations are insecure, more than 42 percent of those 50,000 leaked passwords still included usernames, passwords, or real names. The worst offenders?

“People who are named Amy, Lisa, Scott, Mark, or Laura.”

The study also provides some information about the affected users’ demographics. For instance, users aged 25 to 34 were four times more likely to be hacked than any other age group. Those individuals were mostly men with common first names like Mike, Chris, John, or Dave.

Among the passwords analyzed, three times as many came from Yahoo as from Hotmail, Gmail, or any other email provider. No doubt the 2014 breach of 500 million Yahoo users’ accounts we learned about in September had something to do with it.

CBT Nuggets’ study demonstrates that users continue to employ weak passwords that incorporate dictionary words and/or personal information. Unfortunately, bad actors can easily break those combinations using brute-force attacks, which poses a serious risk to organizations’ corporate data.

Companies should respond to that threat by training their employees in password security best practices. They can do so using third-party security awareness training software.
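The two patterns the study highlights, personal data and common words inside a password, can also be screened for when a password is set. The following is an added example, not code from CBT Nuggets or the original article: it rejects candidates containing the user's name, username, or email local part, or one of the words listed above, even when written with character swaps. The function names, the substitution map, and the sample accounts are assumptions made for illustration.

```python
import re

# Words the article reports as most common in the leaked passwords.
COMMON_WORDS = ("love", "star", "girl", "angel", "rock", "miss", "hell")

# Constructed map of common character swaps (an assumption, not from the study).
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                       "7": "t", "@": "a", "$": "s", "!": "i"})


def normalize_password(password):
    """Lowercase, undo common character swaps, then keep letters only."""
    return re.sub(r"[^a-z]", "", password.lower().translate(SWAPS))


def personal_tokens(username, email, full_name, min_len=3):
    """Collect the letter runs of the username, email local part and real name."""
    raw = [username, email.split("@", 1)[0]] + full_name.split()
    tokens = set()
    for item in raw:
        for part in re.split(r"[^A-Za-z0-9]+", item):
            letters = re.sub(r"[^a-z]", "", part.lower())
            if len(letters) >= min_len:  # skip very short fragments
                tokens.add(letters)
    return tokens


def screen_password(password, username, email, full_name):
    """Return the reasons to reject a candidate password (empty list = passes)."""
    norm = normalize_password(password)
    reasons = []
    for token in sorted(personal_tokens(username, email, full_name)):
        if token in norm:
            reasons.append(f"contains personal data: {token}")
    for word in COMMON_WORDS:
        if word in norm:
            reasons.append(f"contains common word: {word}")
    return reasons


if __name__ == "__main__":
    # Constructed sample account and candidate passwords.
    for candidate in ("L0ve4Amy!", "vK9#qTz2!uWp"):
        print(candidate, screen_password(
            candidate, "amy84", "amy.jones@example.com", "Amy Jones"))
```

An empty result only means the candidate avoids these two patterns; it says nothing about length or randomness, which a real policy would check separately.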