The Top 10 Usernames And Passwords Hackers Try To Get Into Remote Computers

The Top 10 Usernames And Passwords Hackers Try To Get Into Remote Computers

We know people generally suck at choosing passwords, often using “12345” or “letmein”. But what passwords and usernames do attackers try most often? This analysis from information security firm Rapid7 shares some interesting details.

Photo by automobileitalia.

In their Project Heisenberg, Rapid7 deployed a collection of honeypots around the world, running on unpublished IP addresses. The company believes the only traffic coming to the honeybots would be from services that scan a wide range of IP addresses. Rapid7 analysed the Remote Desktop Protocol login attempts to these honeypots for nearly a year. They recorded over 220,000 different attempts to log in, from over 5000 distinct IP addresses across 119 different countries.

The top 10 most used passwords:

password

count

per cent

x

11865

5.36%

Zz

10591

4.79%

St@rt123

8014

3.62%

1

5679

2.57%

P@ssw0rd

5630

2.55%

bl4ck4ndwhite

5128

2.32%

admin

4810

2.17%

alex

4032

1.82%

…….

2672

1.21%

administrator

2243

1.01%

Some of these aren’t surprising, but “alex”? Anyway, don’t use any of these passwords please.

The top usernames collected:

username

count

per cent

administrator

77125

34.87%

Administrator

53427

24.15%

user1

8575

3.88%

admin

4935

2.23%

alex

4051

1.83%

pos

2321

1.05%

demo

1920

0.87%

db2admin

1654

0.75%

Admin

1378

0.62%

sql

1354

0.61%

There’s “alex” again. Change the administrator username to something that does not include “admin” in it.

For more insights, check out the report below.

The Attacker’s Dictionary [Rapid7 via BetaNews.]


The Cheapest NBN 50 Plans

Here are the cheapest plans available for Australia’s most popular NBN speed tier.

At Lifehacker, we independently select and write about stuff we love and think you'll like too. We have affiliate and advertising partnerships, which means we may collect a share of sales or other compensation from the links on this page. BTW – prices are accurate and items in stock at the time of posting.

Comments


5 responses to “The Top 10 Usernames And Passwords Hackers Try To Get Into Remote Computers”