Posted on Wed, Dec 15, 2010 : 1:26 p.m.

Ann Arbor startup identifies top 250 most common Gawker passwords

By Nathan Bomey

Dragon. Monkey. Baseball. Superman.

A motley crew, shall we say -- but they have one thing in common: They're all common online passwords, according to an analysis released by an Ann Arbor software security startup.

Duo Security, a firm led by Ann Arbor tech community activist Dug Song and University of Michigan doctoral student Jon Oberheide, today released a list of the 250 most common passwords favored by users of the blog network associated with Gawker.com.

Gawker Media last weekend acknowledged that hackers had stolen its list of 1.3 million user names, e-mail addresses and passwords. Shortly thereafter, hackers released the list online.

Duo, describing the incident as a "serious exposure" of private information, employed algorithms to analyze the list and launched a web site to help users find out whether their personal information was published.

Duo, which recently changed its name from Scio Security and is developing and selling a two-step digital authentication system aimed at reducing security incidents, said the incident could expose users to identity theft.

"Services that lack a strong secondary authentication and host users who are sharing passwords (which, let's be honest, most users probably do) face the greatest risk," Duo said in a blog post. "Attackers will undoubtedly be testing the cracked passwords against both personal and corporate services such as e-mail accounts, online banking sites, VPN remote access logins."

Since the information was released, however, Duo analyzed the list to determine which passwords were most common. The list of the top 250 passwords is available here (warning: some profanity). For now, here's just the top 20.

1. 123456
2. password
3. 12345678
4. qwerty
5. abc123
6. 12345
7. monkey
8. 111111
9. consumer
10. letmein
11. 1234
12. dragon
13. trustno1
14. baseball
15. gizmodo
16. whatever
17. superman
18. 1234567
19. sunshine
20. iloveyou

Contact AnnArbor.com's Nathan Bomey at (734) 623-2587 or nathanbomey@annarbor.com.

Comments

SonnyDog09

Thu, Dec 16, 2010 : 7:40 a.m.

Hey! 111111 is the combination to my luggage!

mrk

Wed, Dec 15, 2010 : 8:42 p.m.

Interesting (especially "monkey"?!). I'm sure pets and children are common... so if you know the person personally you're in! The best advice I ever got on password creation was at the University of Michigan freshman orientation- think of a sentence and then use the first letter of each word, and include at least one non-number or letter character. Almost impossible to guess but easy for you to remember the sentence... like "I graduated from U of M in 02!"... would be IgfUoMi02!.

Soothslayer

Wed, Dec 15, 2010 : 7:58 p.m.

@Urban - There is no membership at 4chan ergo no group. The viewers act more like an amorphous mob consciousness if anything. What "it" decides to react to or act on isn't necessarily coordinated in any respect and spreads more or less unpredictably, sometimes without provocation and often without more than a single participant. Also referring to the term "Anonymous" as a group is somewhat inane and irritating. tl;dr: Don't start none, won't be none. If you don't want to get hacked or made a fool of it's probably best not to provoke. Just sayin'.

Nathan Bomey

Wed, Dec 15, 2010 : 3:08 p.m.

@EyeHeartA2 No. 21 is an expletive, so I figured that was a good point to cut it off!

AlphaAlpha

Wed, Dec 15, 2010 : 2:54 p.m.

One of the downsides of edit copy paste w/out looking at the screen... double duh

AlphaAlpha

Wed, Dec 15, 2010 : 2:52 p.m.

All - Thanks...the 1 looked like an L with the default font the text file opened with. Duh...

Urban Sombrero

Wed, Dec 15, 2010 : 2:25 p.m.

I'm not surprised that this happened to Gawker, especially since they've run so many stories on 4chan, Anonymous and /b/ lately. (Even though, supposedly, the group who hacked them denies they're related to 4chan.) I'm just glad my account wasn't one of the ones compromised, but I changed my password anyway.

Slider

Wed, Dec 15, 2010 : 2:22 p.m.

I really didn't see dragon coming.

Rob

Wed, Dec 15, 2010 : 2:18 p.m.

"does anyone have a clue why the p/w 1q2w3e4r is ranked so highly? Odd..." Look at how those keys are placed on your keyboard.

in situ

Wed, Dec 15, 2010 : 2:17 p.m.

Hmmm...I don't know, maybe because it's kind of fun to type? Try it!

Jake C

Wed, Dec 15, 2010 : 2:17 p.m.

AlphaAlpha: 1234 + qwer = 1q2w3e4r. Lazy and supposedly "hard to hack" at the same time. Not anymore!

AlphaAlpha

Wed, Dec 15, 2010 : 2:10 p.m.

Thanks for the chuckles, Mr. Bomey. A fun read. Most of the p/w's are understandably easy; does anyone have a clue why the p/w 1q2w3e4r is ranked so highly? Odd...