The Top 10 Usernames And Passwords Hackers Try To Get Into Remote Computers

We know people generally suck at choosing passwords, often using “12345” or “letmein”. But what passwords and usernames do attackers try most often? This analysis from information security firm Rapid7 shares some interesting details.

Photo by automobileitalia.

In their Project Heisenberg, Rapid7 deployed a collection of honeypots around the world, running on unpublished IP addresses. The company believes the only traffic coming to the honeypots would be from services that scan a wide range of IP addresses. Rapid7 analysed the Remote Desktop Protocol login attempts to these honeypots for nearly a year. They recorded over 220,000 different attempts to log in, from over 5000 distinct IP addresses across 119 different countries.

The top 10 most used passwords:

| password | count | per cent |
|---|---|---|
| x | 11865 | 5.36% |
| Zz | 10591 | 4.79% |
| [email protected] | 8014 | 3.62% |
| 1 | 5679 | 2.57% |
| [email protected] | 5630 | 2.55% |
| bl4ck4ndwhite | 5128 | 2.32% |
| admin | 4810 | 2.17% |
| alex | 4032 | 1.82% |
| ……. | 2672 | 1.21% |
| administrator | 2243 | 1.01% |

Some of these aren’t surprising, but “alex”? Anyway, don’t use any of these passwords please.

The top usernames collected:

| username | count | per cent |
|---|---|---|
| administrator | 77125 | 34.87% |
| Administrator | 53427 | 24.15% |
| user1 | 8575 | 3.88% |
| admin | 4935 | 2.23% |
| alex | 4051 | 1.83% |
| pos | 2321 | 1.05% |
| demo | 1920 | 0.87% |
| db2admin | 1654 | 0.75% |
| Admin | 1378 | 0.62% |
| sql | 1354 | 0.61% |

There’s “alex” again. Change the administrator username to something that does not include “admin” in it.
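To act on that advice, here is an added example (not from Rapid7 or the original article) that audits a list of account names against the username table above. It merges case variants, because Windows logon names are case-insensitive, and also flags any name containing "admin"; the function names and the sample inventory are assumptions made for illustration.

```python
# Added example: audit account names against the honeypot username table above.
# Counts and percentages are copied from that table; the account inventory
# passed in by the caller is hypothetical.

# (username as logged, attempts, per cent of all attempts)
HONEYPOT_USERNAMES = [
    ("administrator", 77125, 34.87),
    ("Administrator", 53427, 24.15),
    ("user1", 8575, 3.88),
    ("admin", 4935, 2.23),
    ("alex", 4051, 1.83),
    ("pos", 2321, 1.05),
    ("demo", 1920, 0.87),
    ("db2admin", 1654, 0.75),
    ("Admin", 1378, 0.62),
    ("sql", 1354, 0.61),
]


def folded_exposure():
    """Merge case variants, since Windows logon names are case-insensitive."""
    merged = {}
    for name, count, pct in HONEYPOT_USERNAMES:
        key = name.casefold()
        prev_count, prev_pct = merged.get(key, (0, 0.0))
        merged[key] = (prev_count + count, round(prev_pct + pct, 2))
    return merged


def audit_accounts(account_names):
    """Return (name, reason, attempts, per cent) for each risky account name."""
    exposure = folded_exposure()
    findings = []
    for name in account_names:
        key = name.casefold()
        if key in exposure:
            count, pct = exposure[key]
            findings.append((name, "in honeypot top 10", count, pct))
        elif "admin" in key:
            # The article's advice: avoid any name containing "admin".
            findings.append((name, "contains 'admin'", 0, 0.0))
    return findings


if __name__ == "__main__":
    # Constructed inventory, for illustration only.
    for finding in audit_accounts(["ADMINISTRATOR", "POS", "sysadmin2", "j.ortega"]):
        print(finding)
```

Once case is ignored, the two "administrator" rows alone account for 59.02% of the recorded attempts, which is why renaming that account removes it from the majority of these guesses.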

For more insights, check out the report below.

The Attacker’s Dictionary [Rapid7 via BetaNews.]

