As time goes on, there are more and more credential dumps appearing online. There are databases from LinkedIn, Adobe, MySpace, Snapchat, Tumblr, Twitter, and many others. In an effort to understand peoples' password habits, build word lists for weak password checks, etc., I am going to be doing some research on each one. From there, I can answer questions such as the following:
- What are the most common passwords?
- How much password reuse occurs?
- Can a good password list be generated from these databases?
- Can I generate hashes from these databases to test for weak passwords?
This repository will contain statistics from each of the database dumps that I analyze. As I answer each of the questions listed above and others, I will post the results of that research here.
Here are the top 1 Million most common passwords of each data dump.
This was written for research purposes only. Please do not do anything stupid with it. If you get caught, that's on you. I cannot be held responsible for others' bad decisions.