Back when I wrote Perfect Passwords, I generated a list of the top 500 worst (aka most common) passwords, which seems to have propagated quite a bit across the internet, including being mentioned on Gizmodo, Boing Boing, Symantec, Laughing Squid and many other sites. Since then I have collected a large number of new passwords, bringing my current list to about 6.5 million unique username/password combos, including many of those that have been recently made public*.

At some point I will make this full data set publicly available but in the meantime, I have decided to release the following list of the top 10,000 most common passwords. This list is ranked by counting how many different usernames appear on my list with the same password. Note that for this list, I do not take capitalization into consideration when matching passwords so this list has been converted to all lowercase letters.

Here are the files:

[Links removed as they are quite old. See this article for a more updated list]

While many people have improved the security and strength of their passwords, there are still a huge number of people who pick from a very small list of common passwords. In fact, 40% of all passwords appear in the top 100 list.

Here are some interesting facts gleaned from my most recent data:

0.5% of users have the password password

0.4% have the passwords password or 123456

0.9% have the passwords password, 123456 or 12345678

1.6% have a password from the top 10 passwords

4.4% have a password from the top 100 passwords

9.7% have a password from the top 500 passwords

13.2% have a password from the top 1,000 passwords

30% have a password from the top 10,000 passwords
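The ranking method described above (count the distinct usernames that share a password, ignoring capitalization) and the "top N" coverage figures can be reproduced on any credential set you are auditing. The following is an added example, not the author's own code; the sample combos are constructed, and the function names, the lowercasing of usernames and the choice of denominator are assumptions.

```python
from collections import defaultdict

# Constructed sample of username/password combos (not from the author's data).
SAMPLE_COMBOS = [
    ("alice", "Password"), ("bob", "password"), ("carol", "PASSWORD"),
    ("dave", "123456"), ("erin", "123456"), ("alice", "password"),
    ("frank", "qwerty"), ("grace", "Tr0ub4dor&3"), ("heidi", "dragon"),
    ("ivan", "correct horse"),
]


def rank_passwords(combos):
    """Return [(password, distinct_username_count)], most common first."""
    users_by_password = defaultdict(set)
    for username, password in combos:
        # Passwords are lowercased so case variants match, as on the page.
        # Usernames are lowercased too (assumption) so a repeated combo
        # for the same account is only counted once.
        users_by_password[password.lower()].add(username.lower())
    counts = [(pw, len(users)) for pw, users in users_by_password.items()]
    # Highest count first; ties broken alphabetically for stable output.
    return sorted(counts, key=lambda item: (-item[1], item[0]))


def coverage(ranked, top_n):
    """Percent of distinct username/password pairs that use a top-N password.

    Assumption: the denominator is the number of distinct pairs after
    lowercasing, since the page does not state how its percentages are based.
    """
    total = sum(count for _, count in ranked)
    covered = sum(count for _, count in ranked[:top_n])
    return 100.0 * covered / total if total else 0.0


def is_common(password, ranked, top_n):
    """Blocklist check: True if the password is in the top-N list."""
    return password.lower() in {pw for pw, _ in ranked[:top_n]}


if __name__ == "__main__":
    ranked = rank_passwords(SAMPLE_COMBOS)
    for n in (1, 2, 5):
        print(f"top {n}: {coverage(ranked, n):.1f}% of pairs")
    print("reject 'PassWord' at signup:", is_common("PassWord", ranked, 2))
```

The same `is_common` check is what a signup or password-change form would run against a published top-N list to reject the most frequently chosen passwords.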

So how does the new top 500 list compare to my old top 500 list? Here is a visual diff that shows how it has changed: