Is 123456 the most common password that is hacked?

yes, it is.

Two days ago we made the same analysis. If you download the password list from have i been pwned, Have I Been Pwned: Pwned Passwords, ordered by prevalence you get a list of disclosed passwords sorted by prevalence : “how many times that password had been seen in the source data breaches”

Here is the first 5 more common passwords SHA1 hashed:






The first column is the password hashed (more about this later)
Second column is how many times that password has shown up in disclosed password leaks
As you may see the most popular password has been seen 23 174 662, 23.1 million times.

The one in the second place is quite far from the first one: 7 671 364, 7.6 million times. 1/3 of the first place

Regarding hashing, it is called a one way encryption I can encrypt a string of characters to a given hash. But given the hash you can not find the original string.

For example:

if I find the SHA1 sum for string abcdefg I will get:


But given this sha1 sum you can not simply decrypt it to the original string.

However anytime you find out the sha1sum for abcdefg you will always get 2fb5e13419fc89246865e7a324f476ec624e8740

This is very popular way to store passwords (as well as for some other unrelated things): If the user types in the same password, then the same hash will be obtained and of course it will match the hash I have stored.

Lets find out the SHA1 hash for the string 123456 (Im using a linux shell but you may obtain any sha1 hash here)

$ echo -n “123456”|sha1sum

7c4a8d09ca3762af61e59520943dc26494f8941b –

hum… if you look closely, it will match the first row in the hash list above. So yes, it looks like the 123456 is the most popular one.


Which is the second one? You have to start guessing.. . try several common one passwords, eg: admin, root, qwerty, password (yes!! people uses password as a password), also try them cased, eg: Password, QWERTY, etc

I already discovered them … Good luck!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.