Strength estimation of top 200 most common passwords of 2020
We all know that setting up a new password for any of these thousand of accounts we all have is boring and disturbing.
If you don’t use a password manager you just hope that you can remember the password until the next time you need it. That’s why MANY people use very simple and insecure passwords.
Data Source
Nordpass, a new password management service which was developed in 2019 by the same team which created NordVPN, published their second list of the 200 most common passwords of a specific year (this time it’s 2020).
As the link above adapts to where you live you might not see the main list (english version) I will refer to (you could try to use a VPN or Tor to access it nevertheless).
zxcvbn
I decided to analyse their individual password strength with the Java library Nbvcxz, a Java adaption of zxcvbn, one of the most intelligent password strength estimation tools out there.
You just put in a password and it returns feedback including a basic score, a calculated entropy, custom suggestions, found patterns and estimaed stability against cracking for the returned password.
To be able to analyze the top 200 passwords I summarized them in a simple .txt file and started my script.
The result is a .csv file, which includes the passwords with their calculated basic score and entropy to be able to see how safe they really are. I formatted it into a markdown file to show you the results:
The Results
As a reference, here the results of a rather random and uncommon password:
What we learn
This shows that most password commonly used, especially the first 10–15 passwords, are pretty insecure and should be renewed with more complex and random passwords (maybe with the help of password managers, they can make your life much easier).
Furthermore if you‘d like to analyze your own passwords use this website for example…
or my Android app ‘Pazzword’…
, which both use zxcvbn to estimate passwords.
Keep you and your passwords safe!
Bye.
