We learned last week that about 400,000 Yahoo Mail passwords were apparently leaked. Another annoying bit of news for those who struggle to come up with new secret codes. But it has given us another look into the psychology of password creation.
Both Swedish security expert Anders Nilsson and Declan McCullagh of CNET ran the numbers on the leaked passwords. Their results differ very slightly in a few places, but mostly match up. "abcdef," strings of keyboard letters like "qwerty" and ascending numerals were common. More interesting are the most frequently used "base words," according to Nilsson:
The overall top 10 also include "sunshine" and "princess." (We love freedom, monkeys, sunshine, and ninjas -- yes, that sounds like the Internet.) Among the top-used first names, according to McCullagh's list, are michael, jordan and michelle (case sensitive). Nilsson also indicates that of passwords that end in a number 0-9, 1 is, not surprisingly, the most popular. When a number is required, it's so tempting to just move your left pinky to tack on a 1. But 5, which came in last, may be the safer choice.
"monkey" also shows up (along with "qwerty," "password," and the other gimmes) among the common passwords from the 2010 Gawker hack. Makes sense -- who doesn't love a monkey? But the Gawker list has a slightly darker edge to it than the Yahoo one: "trustno1" edges out "princess" and "sunshine."