The Top 10 Usernames And Passwords Hackers Try To Get Into Remote Computers

We know people generally suck at choosing passwords, often using "12345" or "letmein". But what passwords and usernames do attackers try most often? This analysis from information security firm Rapid7 shares some interesting details. Photo by automobileitalia.

In their Project Heisenberg, Rapid7 deployed a collection of honeypots around the world, running on unpublished IP addresses. The company believes the only traffic coming to the honeypots would be from services that scan a wide range of IP addresses. Rapid7 analysed the Remote Desktop Protocol login attempts to these honeypots for nearly a year. They recorded over 220,000 different attempts to log in, from over 5000 distinct IP addresses across 119 different countries.

The top 10 most used passwords:

| password | count | per cent |
|---|---|---|
| x | 11865 | 5.36% |
| Zz | 10591 | 4.79% |
| [email protected] | 8014 | 3.62% |
| 1 | 5679 | 2.57% |
| [email protected] | 5630 | 2.55% |
| bl4ck4ndwhite | 5128 | 2.32% |
| admin | 4810 | 2.17% |
| alex | 4032 | 1.82% |
| ....... | 2672 | 1.21% |
| administrator | 2243 | 1.01% |

Some of these aren't surprising, but "alex"? Anyway, don't use any of these passwords please.

The top usernames collected:

| username | count | per cent |
|---|---|---|
| administrator | 77125 | 34.87% |
| Administrator | 53427 | 24.15% |
| user1 | 8575 | 3.88% |
| admin | 4935 | 2.23% |
| alex | 4051 | 1.83% |
| pos | 2321 | 1.05% |
| demo | 1920 | 0.87% |
| db2admin | 1654 | 0.75% |
| Admin | 1378 | 0.62% |
| sql | 1354 | 0.61% |

There's "alex" again. Change the administrator username to something that does not include "admin" in it.

For more insights, check out the report below.

The Attacker's Dictionary [Rapid7 via BetaNews.]


Comments

    Interesting that they've differentiated Administrator and administrator. I was sure an RDP username isn't case sensitive.

      They're not (ditto LDAP) but if the intruders are pulling names from a database the source database may be case-sensitive.

      Also: RDP is not limited to Windows. It can be deployed for other operating systems where the username IS case-sensitive.

    So the real question here is who the heck is Alex and why are they so bad at picking passwords?

    I guess if you were worried about your computer security you wouldn't want to be "Living next door to Alex"

    IT administrators quickly send memo to all staff: Users named Alex (M or F) will need to change their names by Deed Poll. All accounts starting with Alex 1 week forward will henceforth be closed.
    ...Actually I thought my name was pretty common but now sucks to be Alex.
