Password Recovery

The Password List: Top 10 Most Common Passwords You Should Avoid

4 years ago in Hacking/Privacy
password list

We all know that you cannot use a weak and predictable password. It makes it easy for hackers to access your account. In this guide, you will be presented with a password list of the top ten most common passwords that you should absolutely avoid.

Top 10 Password You Should Avoid

Number Passwords

There are a lot of numeric numbers that are highly predictable. A good example is using numbers in sequences such as 1234, 1234567, 123456, 12345678, 123456789.

Also, avoid using numeric numbers with repeated digits as your password. For instance, 111111, 000000, 7777, 2000, 1212. These are very predictable!

Additionally, avoid combining these digits with repeated alphabets. A hacker trying to get access to your account can gain access with these predictable numbers through specialized software.

Computer Keyboard Sequence

Do not use any password that can be easily detected on the keyboard. For instance, qwerty, qwertyuiop, zxcvbnm, or asdfghjkl. Do not also use any of these in all capital or all lower case form.

The passwords are selected from a single roll on the keyboard and can be easily predicted.

Popular Alphanumeric Passwords

most common passwords

This includes passwords with a mixture of both numbers and alphabets. Although, a strong mix of these two can help secure your account, using predictable alphanumeric passwords can ruin your accounts. Some of these passwords include abc123, 123abc, trustno1, password1, welcome1.

The above-mentioned passwords were among the most widely used passwords in 2012, according to a report by CNN.

Alphanumeric passwords are fast becoming popular because some sites and accounts made them mandatory. The idea behind this is to build a strong password and not to use very common ones.

Craft a good alphanumeric password and store this in your password list so that whenever you forget, you can easily access it on your list.

“Password”

This might sound a bit weird but it is very common. Many people think by using “password,” either in all cap or lowercase or with “@,” it would help secure their accounts. This is a lie. In fact, if “password” is your password, it is advisable you change it immediately. It is very easy to guess the password of an account stored with the word “password.”

Hobbies And Common Sports

Names of hobbies and sports are highly predictable. If a hacker has personal information about you, your hobbies or choice of sports would be among his or her first few predictions. Avoid using your hobby, your sport or any popular sport as your password.

Animal Names or Nature Words

This is similar to using a hobby or sport. A lot of people use their favorite pet or animal as their password. This alongside nature words should be avoided. Avoid passwords like tiger, lion, monkey, dolphin, sunshine, lake, winter, trees.

Most often than not, many people’s favorite pet is usually the same as others. Hence, it is advisable not to use this as your password.

Pet Names or Children’s Name

This is another highly predictable password. Do not use your pet names or the name of those in your life. Your general lifestyle and family would be among the first few passwords guessed by hackers. Avoid using words from these aspects of your life as your password.

Passwords Related To Login Words

Passwords related to login words like enter, login, letmein, admin, pass, access and so on should be avoided as this might be a quick guess for hackers or unauthorized access.

Obscene Words

People often choose obscene words related to sex as passwords because they think this aspect would be avoided by anyone trying to predict their passwords. This is usually not the case.

In fact, passwords with swear words and obscene words ranked as one of the most common passwords.

Other Common Passwords

Passwords like master, superman, shadow, 696969, michael, dragon, hunter, harley, buster, and so on should be avoided.

To stay safe, choose a complex password for your account and store it in your password manager’s password list. It is preferable to have a mix of alphanumeric, big and small capital letters in your password. Also, for accounts that have sensitive information like an internet bank account, you should use a unique password different from the ones you use for social logins.

You might be interested in

Red Teaming

What is Red Teaming?

Teaming is a practice in cybersecurity aimed at simulating real-life cyberattacks on a company’s system, network, or workforce. The idea

How to Become a Security Researcher

How to Become a Security Researcher

A security researcher investigates security vulnerabilities in applications, websites, hardware, and internet protocols. As security threats evolve, more and more

Introducing Hashcat: The World’s Fastest Password Recovery Tool

4 years ago in Hacking
hashcat

Hashcat is an established password cracker that is considered the world’s fastest CPU-based password recovery tool.

In this article, you will be introduced to Hashcat and how it works.

Password Recovery

Passwords are a string of letters, numbers, or symbols used for the authentication process in various applications. We use them to gain access and also restrict unauthorized entry into accounts, applications, and databases.

However, what if you forget your password? How do you restore it? That is what makes a password cracking tools like Hashcat useful and important to understand.

What is Hashcat?

password recovery

Hashcat is known as the fastest and most advanced password recovery tool capable of cracking extremely complex passwords. It is highly versatile and fast, giving it an edge over other password cracking tools.

Jens ‘atom’ Steube and Gabriele ‘matrix’ Gristina developed the software.

Hashcat is open-sourced, free and cracks passwords using GPU cracking or CPU cracking. It is available for Linux, OS X, and Windows systems.

What Does Hashcat Support?

Hashcat supports a large variety of hashing algorithms, such as:

  • MD4,
  • MD5,
  • SHA-family,
  • NT Hash,
  • LM hash,
  • Unix Crypt formats,
  • MySQL,
  • WHIRLPOOL,
  • RipeMD,
  • Cisco PIX
  • and SHA family.

It also offers several attack modes, including:

  • Toggle-Case attack
  • Fingerprint attack
  • Rule-based attack
  • Combinator attack
  • Brute-force attack
  • Dictionary attack
  • Mask attack
  • Table-Lookup attack
  • Hybrid attack
  • Permutation attack
  • and PRINCE attack.

How Hashcat Works

Hashcat uses rainbow tables, precomputed dictionaries, and a brute-force approach to find an adequate way to crack passwords.

The software can convert readable information into a scrambled sequence, which could be used to crack passwords. The program uses a technique known as a brute force in direct cracking. 

You can download Hashcat online and use it to obtain lost passwords through multiple processes. It’s quite easy to set up because it comes along with a user-friendly guide that illustrates step-by-step how to use the program.

Some of its features include:

  • Compatible with well-know operating systems (Linux, Windows and OSX native binaries)
  • Multi-threaded and the threads have the ability to be configured and executed and used based on the lowest priority
  • Supports hex-salt, hex-charset, and automatic performance tuning
  • Allows reading of password candidates from file and stdin
  • Free and open source

Hashcat is a great tool for password recovery. However, malicious hackers also use it for nefarious purposes.

To ensure you are not an easy victim of a password hack, always make your password long and complex. Additionally, avoid using obvious information about yourself. Finally, you should also change your passwords regularly.

You might be interested in

Go to Top