We asked network security experts to tell us which passwords Americans just can't stop using right now, even though they should. Here's what they told us. Yes: A bizarrely high number of Americans are taking the name of a sometimes-troubled actor, moving some characters around, and calling it a password.
"This was cracked from a wordlist," VIPRE Chief Product Officer Usman Choudhary says. "You can bank on pretty much any famous person out there -- actors, celebrities, athletes, you name it -- being in wordlists because people have [them] in their passwords."
Who on Earth would use "admin" as both a username and password? Well, Equifax, that's who.
Andrew Morris, threat researcher at Endgame, says this one featured prominently in the leaked "Exploit.in" password dump, which contains over 800 million plaintext usernames and passwords presumably cracked from different sources and leaked onto the darknet.
This was another trend unearthed in the "Exploit.in" password dump, along with ...
Too many people (World of Warcraft players maybe?) use this one, according to Keeper Security, which analyzed 10 million passwords that were breached in 2016 and shared a list of the top 25 most common ones.
Shorthand for "Use the Force, Luke."
"An attacker will be able to guess this one in minutes," says Jason Hong of the Carnegie Mellon School of Computer Science. "Anything that has a common pattern is easily breakable."
Ajit Sancheti, co-founder and CEO of cybersecurity startup Preempt, and his team created a list of categories for the most common passwords they're seeing. A big one: Fictional characters. If you're a fan of Superman, chances are, so are hackers.
Maybe it's a reference to the Broadway-musical-turned-movie Rent, or maybe it's just somebody's apartment. Either way, it's a staple in any brute force dictionary these days.
"We're seeing lots of variations on the word 'rent' plus a string of numbers after it," says RJ Gazarek, a security expert at Thycotic. "Helpful hint - a simple word, and a string of numbers, does not make a strong password."
We can't figure out the logic behind this one. But Sancheti says the name is too frequently used, and way too easy to crack.
Another password that showed up frequently in the "Exploit.in" password dump, according to Morris. Not clever. Not unique. Not smart to use.
"This password pattern -- MyMom, MyDad, MySister -- is used widely and included in a lot of brute force dictionaries," Gazarek says.
Here's another one used in a lot of brute force dictionaries. "007Bond, 007Goldfinger, 007BondGirls... although easy to remember, none of these will keep you safe," Gazarek says.
Common pet names are easily cracked right now, says Andrew Newman, CEO of Reason Software Company. That goes for popular names such as Smokey or BabyGirl; or less common pet names, such as Keppie (seen here being WAY too complacent about her password).
That's the registry number for the Federation ship Enterprise ... but the call letters for the spanking-new Discovery (NCC-1031) probably aren't much safer.
"These [terms] are all in any password dictionary used by hackers," says Matt Devost, managing director of Accenture Security.
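The patterns the experts describe above (a password identical to the username, a common word followed by a string of numbers, "My" plus a family member, "007" plus a word) can be rejected when a user sets a password. The sketch below is an added example, not code from the article or from any of the quoted experts; the function name and the small word lists are constructed for illustration, and a real deployment would screen against a full breached-password corpus.

```python
import re

# Constructed sample lists built from terms the article mentions.
# Assumption: a production check would load a large breached-password list instead.
COMMON_WORDS = {"admin", "rent", "superman", "smokey", "babygirl"}
FAMILY_WORDS = {"mom", "dad", "sister"}


def weak_reasons(password, username=""):
    """Return the reasons a candidate password matches a known-weak pattern.

    An empty list means none of the patterns checked here matched; it does
    not by itself mean the password is strong.
    """
    reasons = []
    pw = password.lower()  # case changes alone do not defeat a wordlist

    # Pattern: password is the same as the username (admin/admin).
    if username and pw == username.lower():
        reasons.append("same as username")

    # Pattern: a common word, optionally followed by digits (rent + numbers).
    m = re.fullmatch(r"([a-z]+)(\d*)", pw)
    if m and m.group(1) in COMMON_WORDS:
        reasons.append("common word plus digits" if m.group(2) else "common word")

    # Pattern: "My" + family member (MyMom, MyDad, MySister).
    m = re.fullmatch(r"my([a-z]+)\d*", pw)
    if m and m.group(1) in FAMILY_WORDS:
        reasons.append("My + family member")

    # Pattern: "007" + one or more words (007Bond, 007BondGirls).
    if re.fullmatch(r"007[a-z]+\d*", pw):
        reasons.append("007 prefix + word")

    return reasons


if __name__ == "__main__":
    # Constructed sample inputs.
    for user, pw in [("admin", "admin"), ("alice", "rent2017"),
                     ("bob", "MySister"), ("carol", "007BondGirls")]:
        print(user, pw, weak_reasons(pw, user))
```
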
Keep reading for still more terms that are way too popular right now ... both for users and for hackers, according to our security experts.