The Top 10 Usernames and Passwords Hackers Try to Get into Remote Computers

Feb 27

We have discussed passwords here before, mainly how bad people are at choosing them. This time we come at the subject from a different angle: the passwords hackers use to get into networks.


The people at Rapid7 deployed a collection of honeypots around the world, running on unpublished IP addresses. Normally only scanners would find these devices. For nearly a year, Rapid7 logged the RDP login attempts at these honeypots, and the results are below.

 

| username | count | percent |
|---|---|---|
| administrator | 77125 | 34.87% |
| Administrator | 53427 | 24.15% |
| user1 | 8575 | 3.88% |
| admin | 4935 | 2.23% |
| alex | 4051 | 1.83% |
| pos | 2321 | 1.05% |
| demo | 1920 | 0.87% |
| db2admin | 1654 | 0.75% |
| Admin | 1378 | 0.62% |
| sql | 1354 | 0.61% |

The top 10 most used passwords:


| password | count | percent |
|---|---|---|
| x | 11865 | 5.36% |
| Zz | 10591 | 4.79% |
| St@rt123 | 8014 | 3.62% |
| 1 | 5679 | 2.57% |
| P@ssw0rd | 5630 | 2.55% |
| bl4ck4ndwhite | 5128 | 2.32% |
| admin | 4810 | 2.17% |
| alex | 4032 | 1.82% |
| ....... | 2672 | 1.21% |
| administrator | 2243 | 1.01% |

 

Bottom line: if your password is in this list, it might be wise to choose another. And don't use the string admin in your administrator username. Or alex...
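One defender-side use of the username table, as an added example that is not from Rapid7 or the original post: scan your own failed RDP logon records for sources whose guesses are dominated by these usernames, and list which of your real accounts they hit. The log format (timestamp, source IP, username per line), the sample entries, the thresholds and the function name are assumptions made for the example.

```python
import csv
import io
from collections import defaultdict

# Usernames from the table above, lower-cased: Windows account names are
# case-insensitive, so "administrator"/"Administrator" and "admin"/"Admin"
# collapse and the ten rows become eight distinct names.
DICTIONARY_USERS = {"administrator", "user1", "admin", "alex", "pos",
                    "demo", "db2admin", "sql"}

# Constructed sample of failed RDP logons (documentation IP ranges).
SAMPLE_LOG = """\
2024-03-01T02:10:01,203.0.113.7,administrator
2024-03-01T02:10:02,203.0.113.7,Administrator
2024-03-01T02:10:03,203.0.113.7,admin
2024-03-01T02:10:04,203.0.113.7,pos
2024-03-01T02:10:05,203.0.113.7,user1
2024-03-01T08:55:10,198.51.100.20,jsmith
2024-03-01T08:55:31,198.51.100.20,jsmith
2024-03-01T11:20:00,192.0.2.44,Alex
2024-03-01T11:20:02,192.0.2.44,sql
2024-03-01T11:20:04,192.0.2.44,demo
2024-03-01T11:20:06,192.0.2.44,backup
"""

def find_dictionary_sources(log_text, local_accounts,
                            min_attempts=3, min_ratio=0.8):
    """Return (sources, targeted): sources maps each flagged IP to
    (attempts, share of attempts using a dictionary username); targeted
    lists real local accounts those sources guessed at."""
    local = {name.lower() for name in local_accounts}
    per_source = defaultdict(list)
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 3:          # skip blank or malformed lines
            continue
        per_source[row[1].strip()].append(row[2].strip().lower())
    sources, targeted = {}, set()
    for src, users in per_source.items():
        hits = [u for u in users if u in DICTIONARY_USERS]
        ratio = len(hits) / len(users)
        if len(users) >= min_attempts and ratio >= min_ratio:
            sources[src] = (len(users), round(ratio, 2))
            targeted |= set(hits) & local
    return sources, sorted(targeted)

if __name__ == "__main__":
    print(find_dictionary_sources(SAMPLE_LOG, ["Administrator", "jsmith", "pos"]))
```

Accounts that come back in the second value exist on the host under a name scanners already guess, so they are the first candidates for renaming or disabling; the user who mistyped a password twice is not flagged.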

For more details, check The Attacker's Dictionary.
