Password dictionaries:

8-more-passwords.txt sorting only passwords with more than 8 characters, removed all numeric passes, removed consecutive characters (3 characters or more), removed all-lowercase passwords, passwords without a capital letter and also a number (61,682 passwords). 7-more-passwords.txt it consists of passwords 7 characters or more, and numeric passwords removed (528,136 passwords). 1000000_password_seclists.txt 1,000,000 password from SecLists bitcoin-brainwallet.lst bitcoin-brainwallet with 394,748 lines usernames.txt collection username of/at US - 403,355 lines us-cities.txt list 20,580 cities at US facebook-firstnames.txt 4,347,667 of Facebook first names. 2151220-passwords.txt 2,151,220 passwords from dazzlepod.com subdomains-10000.txt 10,000 subdomain for domain scanner. 38650-password-sktorrent.txt 38,650 passwords from sktorrent.eu. uniqpass_v16_password.txt UNIQPASS is a large password list for use with John the Ripper (JtR) wordlist mode to translate large number of hashes, e.g. MD5 hashes, into cleartext passwords indo-cities.txt list 102 cities at Indonesia 38650-username-sktorrent.txt 38,650 usernames from sktorrent.eu. forced-browsing every wordlist you need for forced browsing.

MIT License

Copyright (c) 2015 Van-Duyet Le

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

The list contains every wordlist, dictionary, and password database leak that I could find on the internet (and I spent a LOT of time looking). It also contains every word in the Wikipedia databases (pages-articles, retrieved 2010, all languages) as well as lots of books from Project Gutenberg. It also includes the passwords from some low-profile database breaches that were being sold in the underground years ago. The format of the list is a standard text file sorted in non-case-sensitive alphabetical order. Lines are separated with a newline " " character. You can test the list without downloading it by giving SHA256 hashes to the free hash cracker or to @PlzCrack on twitter. Here s a tool for computing hashes easily. Here are the results of cracking LinkedIn s and eHarmony s password hash leaks with the list. The list is responsible for cracking about 30% of all hashes given to CrackStation s free hash cracker, but that figure should be taken with a grain of salt because s

Image

https://www.googleapis.com/download/storage/v1/b/kaggle-user-content/o/inbox%2F1842206%2Ff29f742e3d48f66bf0eccf60abf631d1%2Frockyo2.png?generation=1720539563047126&alt=media" alt="">

Kaggle Previous Version of RockYou.txt

https://www.googleapis.com/download/storage/v1/b/kaggle-forum-message-attachments/o/inbox%2F1842206%2F0e4b20e3662c065318f7feefb42ef785%2Foriginal.png?generation=1720578063663708&alt=media" alt="">

The original RockYou.txt dataset was uploaded by @wjburns 5 years ago, with 95K downloads and 640 upvotes, which means Kaggle allows this type of data for research and educational purposes.

Files

I separated the single 160GB txt file into smaller files with filenames based on first character to make it easier to utilize for those with less powerful machines.

• letters (A-Z)
• digits (0-9)
• dollarsymbol ($)
• symbols (other symbols)
• others (those that cant be categorized by any of those above)

Note

• The original 160GB file was written with an encoding of utf8, I used the same encoding for the files above.
• The contents of the files above are UNSORTED
• The contents are NOT DEDUPLICATED

History

• https://en.wikipedia.org/wiki/RockYou

Everyone involved with Capture The Flag (CTF) has used the infamous rockyou.txt wordlist at least once, mainly to perform password cracking activities. The file is a list of 14 million unique passwords originating from the 2009 RockYou hack making a piece of computer security history. The “rockyou lineage” has evolved over the years.

https://www.youtube.com/watch?v=0_mQACSn6XM" alt="">

RockYou2024.txt

With the 2021 version we touched high numbers but with the newest release is the (apparently) ultimate amalgamation. RockYou2024 has been released by the user “ObamaCare” . This new version added 1.5 billion of records to the 2021 version reaching the 10 billions records. A wordlist can potentially be used for a multitude of tasks and having this number of records in a single file, especially in 2024 with increasingly aggressive data breaches, is a dream come true for attackers. The user have not specified the nature of the additional records but punctualize the new data comes from recent leaked databases.

From The New RockYou2024 Collection has been published!

Source

I got it from https://github.com/hkphh/rockyou2024.txt, but it was originally shared by a certain aka ObamaCare which I don't have any affiliation nor association with.

Original TxtFile

In case you'd like to process the RockYou2024.txt yourself, you can find it here ❗Original RockYou2024.txt zip file

Strong Passwords Only

In case you'd like to see only the "Strong Passwords", you can find it here ❗180 Million "Strong Passwords" in RockYou2024.txt

Cover Image

Generated with Bing Image Generator

Dataset

This dataset was created by Pintar Ngoding

Contents

8-more-passwords.txt: Contains passwords with more than 8 characters. Excludes numeric-only passwords, consecutive characters (3 or more), all-lowercase passwords, and passwords without at least one capital letter and one number. Total: 61,682 passwords. 7-more-passwords.txt: Includes passwords with 7 characters or more. Numeric passwords are removed. Total: 528,136 passwords. 1000000_password_seclists.txt: A collection of 1,000,000 passwords from SecLists. bitcoin-brainwallet.lst: Bitcoin brainwallet with 394,748 entries. usernames.txt: Collection of 403,355 usernames from the US. us-cities.txt: List of 20,580 cities in the US. facebook-firstnames.txt: Contains 4,347,667 first names from Facebook. 2151220-passwords.txt: Collection of 2,151,220 passwords from dazzlepod.com. subdomains-10000.txt: List of 10,000 subdomains for domain scanning. 38650-password-sktorrent.txt: Contains 38,650 passwords from sktorrent.eu. uniqpass_v16_password.txt: UNIQPASS is a large password list for use with John the Ripper (JtR) in wordlist mode to convert large numbers of hashes, such as MD5, into cleartext passwords. indo-cities.txt: List of 102 cities in Indonesia. 38650-username-sktorrent.txt: Contains 38,650 usernames from sktorrent.eu. forced-browsing: Contains every wordlist needed for forced browsing.

According to a survey conducted in *************, **** percent of computer users in Japan neither knew the term nor the meaning of password list attacks. Password list attacks represent a form of account hacking in which attackers gain access to an account via a list of correct IDs and passwords.

Data is sourced from Information is Beautiful, with the graphic coming from the same group here.

There's lots of additional information about password quality & strength in the source Doc. Please note that the "strength" column in this dataset is relative to these common aka "bad" passwords and YOU SHOULDN'T USE ANY OF THEM!

Wikipedia has a nice article on password strength as well.

Data Dictionary

passwords.csv

Over 3.2 billion email addresses with passwords posted on Dark Web from massive Google platform data leaks

The size of the Password Management Market was valued at USD 2 Billion in 2023 and is projected to reach USD 6.37 Billion by 2032, with an expected CAGR of 18% during the forecast period. Recent developments include: July 2022: Google updated its password managers by integrating various highly requested features to help consumers, like auto-login, credential saving, and password generation. This led to enhanced market growth owing to the higher utilization of the Google Chrome browser for web surfing and remote working., June 2022: Lookout Inc. acquired SaferPass, offering simple and secure password managers for enterprises and individuals. The acquisition helps in delivering proactive security platforms to safeguard user data and privacy while broadening the business footprint., January 2022: Keepers Security launched Secrets Manager, which secured infrastructure credentials like API keys, certificates, access keys, and database passwords. The solution included cloud-based integration with a zero-knowledge security model similar to their enterprise password management platform..

Enterprise Password Managers Market Outlook

The global enterprise password managers market size was valued at USD 1.2 billion in 2023, and it is projected to reach USD 4.8 billion by 2032, growing at a compound annual growth rate (CAGR) of 16.6% from 2024 to 2032. The rising incidences of data breaches and cyber-attacks are major growth factors driving the market. Organizational awareness about cybersecurity, coupled with stringent government regulations mandating robust authentication mechanisms, further fuels the demand for enterprise password managers.

The increasing reliance on digital platforms and the proliferation of online services have led to an exponential rise in the number of passwords that enterprises need to manage. With the growing complexity and volume of passwords, manual management becomes impractical, necessitating the use of automated password management solutions. Enterprises are increasingly recognizing the importance of password security as a critical component of their overall cybersecurity strategy, thereby driving the adoption of enterprise password managers.

Another significant growth factor is the increasing adoption of cloud-based services. As organizations migrate more of their operations to cloud environments, the need for secure access management becomes paramount. Cloud-based password managers offer scalability, flexibility, and real-time synchronization, making them highly attractive to enterprises of all sizes. Additionally, the integration capabilities of these solutions with various applications and platforms enhance their utility and adoption in the enterprise sector.

The regulatory landscape is also playing a pivotal role in market growth. Governments and regulatory bodies across the globe are enforcing stringent data protection and privacy laws, such as the General Data Protection Regulation (GDPR) in Europe and the California Consumer Privacy Act (CCPA) in the U.S. These regulations mandate robust security measures to protect sensitive data, compelling enterprises to adopt advanced password management solutions. The increasing penalties for non-compliance further incentivize organizations to invest in secure password management.

Regionally, North America dominates the market, attributed to the high concentration of major technology companies and a well-established cybersecurity infrastructure. However, significant growth is also expected in the Asia Pacific region, driven by rapid digitalization, increasing awareness about cybersecurity, and supportive government initiatives. Europe continues to be a strong market due to stringent regulatory requirements and high enterprise awareness about data security.

Deployment Type Analysis

The deployment type segment is categorized into on-premises and cloud-based solutions. On-premises deployment involves installing the password management software directly on the organization's servers. This model offers complete control over data and security protocols, making it suitable for highly regulated industries such as banking and government. Enterprises with robust IT infrastructure and the capability to manage on-premises solutions often opt for this deployment type. Despite the higher initial costs and maintenance requirements, on-premises solutions offer enhanced security and customization options.

On the other hand, the cloud-based deployment model is gaining significant traction. Cloud-based password managers offer numerous advantages, including lower upfront costs, scalability, and ease of access. These solutions are particularly appealing to small and medium enterprises (SMEs) that may lack extensive IT resources. The cloud model allows for real-time updates and synchronization across multiple devices, enhancing user convenience and operational efficiency. Moreover, cloud-based solutions often come with built-in disaster recovery and backup capabilities, ensuring data integrity and availability.

Another driving factor for cloud-based deployment is the growing trend of remote work and BYOD (Bring Your Own Device) policies. As the workforce becomes increasingly mobile, secure access to enterprise resources from any location becomes crucial. Cloud-based password managers facilitate secure remote access, making them ideal for modern, distributed work environments. The subscription-based pricing model also makes it easier for enterprises to budget and scale as needed, further contributing to the popularity of cloud-based solutions.

Security concerns, though, remain a critical consideration for both

This archive does not contain any data but code and codebooks. For our analyses we use administrative data of the Institute for Employment Research (detail information about the data and its version). The data are social data with administrative origin which are processed and kept by IAB according to Social Code III. There are certain legal restrictions due to the protection of data privacy. The data contain sensitive information and therefore are subject to the confidentiality regulations of the German Social Code (Book I, Section 35, Paragraph 1). The data are held by the Institute for Employment Research (IAB), Regensburger Str. 104, D-90478 Nürnberg, email: iab@iab.de, phone: +49 911 1790. If you wish to access this data for replication purposes, please get in contact with the author, see https://iab.de/en/facts-and-figures-2/data-access-for-replication-purposes/. For the publication we received an exemption to upload the data on July 17th 2025 by the editor of Public Opinion Quarterly. Abstract of paper: Online probability panels that recruit participants via postal invitation letters use passwords to manage access to the survey. While previous research has examined primarily whether providing a password affects response rates, less attention has been given to the impact of password strength, defined by length and complexity, on response propensities. Password length refers to the number of characters in a password, while complexity refers to the set of characters (e.g., lowercase letters, digits). This study evaluates the influence of password length and complexity on various participation levels (i.e., survey access, response rates, and panel registration) as well as the propensity to consent to data linkage and item response rates for income questions. We conducted an experiment in the first wave of a German online probability survey and manipulated password length and complexity. Additionally, we included a group using the default length and complexity settings (eight uppercase letters) of the survey hosting service. The participants were randomly assigned to one of these groups. The findings indicate that longer and more complex passwords increase both participation rates and the propensity to consent to data linkage between survey and administrative data.

Between 2004 and January 2024, internet users in Canada have seen a high number of breaches of different types of data. Passwords were most likely to be among the breached data. Usernames were the second-most breached data type, followed by password hash.

This study delves into the threats and risks posed by weak passwords, particularly the ones associated with stealing sensitive information. A specific area of interest was focused on the weakly protected accounts. This particular study was able to determine the effects of perceived security, digital literacy, and perceived privacy and ease of use on the user’s level of trust, intention for secure activity, and satisfaction of social media users with the help of a prepared model that possessed these factors. The tests of the hypothesis indicated high levels of correlation between trust and digital literacy with intentions to perform the activity with the intended security measures, and that perceived security and privacy enhanced trust, whereas perceived privacy and ease of usage increased consumer satisfaction. The findings point away from using personal information or easily guessed sequences and point towards the requirement of a stronger password composed of letters, numbers, and symbols. Moreover, it is also recommended to implement such methods as two-factor authentication and regular changing of passwords. Bettering users’ digital literacy may assist them in grasping and adopting sound password practices. Safeguarding the platforms can greatly contribute to the promotion of constructive behavior among users, enhance user satisfaction as well as confidence, and in all those actions, invigorate the trust as well as increase safety on the internet.

Browser Password Audit Tools Market Outlook

As per our latest research, the global browser password audit tools market size reached USD 1.18 billion in 2024, reflecting robust demand across diverse industries. The market is projected to grow at a CAGR of 13.2% from 2025 to 2033, with the market size forecasted to reach USD 3.61 billion by 2033. This remarkable growth is driven by the increasing frequency of cyberattacks, heightened regulatory compliance requirements, and the growing adoption of digital authentication mechanisms across enterprises worldwide.

One of the primary growth drivers for the browser password audit tools market is the escalating incidence of data breaches and credential theft, which have become increasingly sophisticated and damaging. Organizations are recognizing the critical importance of securing browser-stored credentials, as browsers often become the first point of compromise for attackers. The proliferation of remote work and bring-your-own-device (BYOD) policies has further expanded the attack surface, compelling companies to implement comprehensive password audit solutions. These tools not only help in identifying weak or reused passwords but also enable organizations to enforce robust password policies, thus enhancing overall cybersecurity posture. The integration of browser password audit tools with Security Information and Event Management (SIEM) and Identity and Access Management (IAM) systems is also contributing to the market’s rapid expansion, providing holistic visibility and control over user authentication processes.

Another significant factor propelling market growth is the tightening regulatory landscape around data privacy and security. Regulations such as the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other regional data protection laws have mandated organizations to implement stringent controls over user credentials and access management. Non-compliance can result in severe financial penalties and reputational damage, prompting enterprises to invest in advanced browser password audit tools. These solutions facilitate continuous monitoring, auditing, and reporting of password-related activities, ensuring that organizations remain compliant with evolving regulatory requirements. Additionally, the rise of zero-trust security frameworks, which emphasize strict identity verification and least-privilege access, is further fueling the adoption of password audit tools as a foundational element of modern security architectures.

Technological advancements in artificial intelligence and machine learning are also playing a pivotal role in shaping the browser password audit tools market. Modern solutions leverage AI-driven analytics to detect anomalous password usage patterns, automate the identification of compromised credentials, and provide actionable recommendations for remediation. The integration of threat intelligence feeds allows these tools to proactively identify passwords exposed in data leaks or dark web forums, thereby enabling organizations to take preemptive action. Furthermore, the growing emphasis on user experience has led to the development of intuitive dashboards and automated reporting features, making it easier for security teams to manage and respond to password-related risks. As organizations continue to prioritize digital transformation and cloud adoption, the demand for scalable, cloud-based password audit tools is expected to surge, driving further innovation and market growth.

From a regional perspective, North America currently dominates the browser password audit tools market, accounting for the largest revenue share in 2024, followed by Europe and Asia Pacific. The presence of a mature cybersecurity ecosystem, early adoption of advanced authentication technologies, and stringent regulatory frameworks have positioned North America as a key growth engine for the market. Europe is witnessing accelerated growth due to the enforcement of GDPR and increasing investments in digital security infrastructure. Meanwhile, Asia Pacific is emerging as a lucrative market, driven by rapid digitalization, the proliferation of internet users, and rising awareness about cybersecurity threats. Latin America and the Middle East & Africa are also experiencing steady growth, albeit from a smaller base, as organizations in these regions ramp up their cybersecurity initiatives in response to evolving threat landscapes.

"Trying to use different and complex passwords for every website, account, and application can be challenging. If you are experiencing password overload, you may become careless. Maybe you keep all your passwords written down or reuse the same, easy to remember password. You can use a password manager to help you create, store, and remember your passwords. By using a password manager, you don’t need to remember dozens of passwords. They promote the use of complex passwords and discourage password reuse. Even though password managers provide a number of advantages, these tools present some risks to user’s information which we will outline in this document."

Consumer Password Manager Market Outlook

According to our latest research, the global Consumer Password Manager market size reached USD 1.72 billion in 2024, reflecting robust demand for digital security solutions among consumers. The market is projected to expand at a CAGR of 19.8% from 2025 to 2033, reaching a forecasted value of USD 8.71 billion by 2033. This growth is primarily driven by increasing cyber threats, rising digital adoption, and the need for convenient yet secure password management tools among individuals and small businesses worldwide.

One of the primary growth factors fueling the Consumer Password Manager market is the escalating frequency and sophistication of cyberattacks targeting personal accounts. As consumers increasingly rely on digital platforms for banking, shopping, and communication, the risk of credential theft and identity fraud has surged. Password managers offer a robust solution by enabling users to generate, store, and autofill complex passwords, thereby reducing the likelihood of security breaches. The growing awareness of cybersecurity best practices, often promoted by financial institutions, tech companies, and governments, has further accelerated the adoption of password management applications among end-users.

Another significant driver is the proliferation of digital devices and the rise of multi-device usage. With consumers accessing their accounts from desktops, smartphones, tablets, and even smartwatches, the complexity of managing multiple credentials has increased exponentially. Password managers provide seamless synchronization across devices, ensuring that users have secure access to their accounts anytime and anywhere. The trend toward remote work and online learning, particularly in the wake of the COVID-19 pandemic, has further heightened the demand for user-friendly and reliable password management solutions. As a result, vendors are focusing on enhancing cross-platform compatibility and user experience to capture a larger share of the expanding consumer base.

The evolution of regulatory frameworks and compliance requirements also plays a pivotal role in shaping the Consumer Password Manager market. Regulations such as the General Data Protection Regulation (GDPR) in Europe and the California Consumer Privacy Act (CCPA) in the United States have mandated stricter data protection standards, prompting individuals and small businesses to seek secure methods of managing sensitive information. Password managers not only facilitate compliance by safeguarding credentials but also offer audit trails and security reports for added transparency. These regulatory pressures, combined with the increasing monetization of personal data by cybercriminals, are expected to sustain strong demand for consumer-oriented password management solutions over the forecast period.

In this evolving landscape, the role of a Local Password Manager is becoming increasingly significant. Unlike cloud-based solutions, local password managers store all user credentials directly on the user's device, offering an added layer of privacy and control over sensitive data. This approach is particularly appealing to users who are wary of storing their passwords on external servers due to concerns about data breaches or unauthorized access. By keeping data local, these password managers can offer enhanced security assurances, which are crucial for individuals and businesses operating in sectors with stringent data protection requirements. As the market continues to grow, the demand for local solutions that prioritize user privacy and data sovereignty is expected to rise, providing a niche yet important segment within the broader consumer password manager market.

Regionally, North America continues to dominate the Consumer Password Manager market, accounting for the largest share in 2024 due to high digital literacy, widespread adoption of cybersecurity tools, and the presence of leading technology vendors. However, the Asia Pacific region is witnessing the fastest growth, fueled by rapid digitization, expanding internet penetration, and a burgeoning middle class increasingly concerned about online privacy. Europe follows closely, driven by stringent data protection regulations and a tech-savvy population. Latin America and the Middle East & Africa are emerging markets, characterized by growing smartphon

Password Sync Tools Market Outlook

According to the latest research, the global Password Sync Tools market size in 2024 stands at USD 1.42 billion, reflecting robust demand across various industries for enhanced security and streamlined password management. The market is experiencing a healthy growth trajectory, with a Compound Annual Growth Rate (CAGR) of 13.7% projected from 2025 to 2033. By the end of 2033, the market is forecasted to reach approximately USD 4.34 billion. This impressive growth is primarily driven by the increasing frequency of cyber threats, the proliferation of digital identities, and the growing need for secure yet user-friendly authentication solutions across enterprises of all sizes.

One of the central growth factors for the Password Sync Tools market is the escalating sophistication and frequency of cyber-attacks targeting both enterprises and individual users. As organizations continue to digitize their operations and expand their digital footprint, the risk of unauthorized access and data breaches intensifies. Password Sync Tools offer a proactive solution by ensuring seamless synchronization and management of passwords across multiple platforms, reducing the likelihood of weak or reused passwords that are often exploited by cybercriminals. Furthermore, the integration of advanced encryption technologies and multi-factor authentication within these tools bolsters the overall security posture, making them an indispensable asset in todayÂ’s threat landscape.

The surge in remote work and the adoption of cloud-based applications have further amplified the demand for Password Sync Tools. With employees accessing corporate resources from various locations and devices, the need for a centralized and secure password management solution has become paramount. Password Sync Tools facilitate seamless access management without compromising security, enabling organizations to maintain productivity while adhering to stringent compliance requirements. Additionally, the rising awareness among small and medium enterprises regarding the financial and reputational risks associated with data breaches is prompting increased investments in robust password management solutions, thereby fueling market expansion.

Another significant driver for the Password Sync Tools market is the regulatory landscape. Governments and industry bodies worldwide are implementing stringent data protection regulations, such as GDPR, HIPAA, and CCPA, which mandate the adoption of strong authentication and access control mechanisms. Password Sync Tools assist organizations in achieving compliance by automating password updates, enforcing password policies, and providing detailed audit trails. The growing emphasis on regulatory compliance, combined with the need for operational efficiency and user convenience, is expected to sustain the upward trajectory of the market over the forecast period.

In the realm of cybersecurity, Password Policy Enforcement plays a pivotal role in safeguarding organizational assets. By implementing stringent password policies, organizations can significantly reduce the risk of unauthorized access and data breaches. These policies typically include requirements for password complexity, expiration, and history, ensuring that users create strong and unique passwords. The enforcement of such policies is crucial in maintaining a robust security posture, as it prevents the use of easily guessable or reused passwords that are vulnerable to attacks. Furthermore, automated tools that enforce password policies can streamline compliance efforts, providing audit trails and alerts for policy violations. As cyber threats continue to evolve, the importance of comprehensive password policy enforcement cannot be overstated, making it an essential component of any organization's security strategy.

From a regional perspective, North America dominates the Password Sync Tools market, accounting for the largest share in 2024, followed closely by Europe and the Asia Pacific. The high adoption rate of advanced cybersecurity solutions, a mature IT infrastructure, and a strong presence of leading market players contribute to North AmericaÂ’s leadership position. Meanwhile, Asia Pacific is witnessing the fastest growth, driven by rapid digital transformation, increasing awareness about cy

The password management market is booming, projected to reach $30.5 billion by 2033, driven by cybersecurity concerns and cloud adoption. Explore market trends, key players (Okta, LogMeIn, Dashlane), and regional insights in this comprehensive analysis.

According to a survey conducted in December 2022, more than ** percent of smartphone users in Japan neither knew the term nor the meaning of password list attacks. Password list attacks represent a form of account hacking in which attackers gain access to an account via a list of correct IDs and passwords.

10000 Most Common Passwords

If your password is on this list of 10,000 most common passwords, you need a new password. A hacker can use or generate files like this, which may readily be compiled from breaches of sites such as Ashley Madison. Usually, passwords are not tried one-by-one against a system's secure server online; instead, a hacker might manage to gain access to a shadowed password file protected by a one-way encryption algorithm, then test each entry in a file like this to see whether it encrypted form matches what the server has on record. The passwords may then be tried against any account online that can be linked to the first, to test for passwords reused on other sites.

Acknowledgements

The dataset was procured by SecLists. SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. The goal is to enable a security tester to pull this repository onto a new testing box and have access to every type of list that may be needed.