How-To Geek

Analysis of the Leaked Yahoo! Passwords: Or, 2008 Was a Popular Year

Anytime there is a massive password breach there is a subsequent analysis of the password quality; if you’re curious about the composition of nearly half a million Yahoo! users, come on in and rubberneck the break down.

Courtesy of Anders Nilsson, the analysis yielded all sorts of little gems. The most popular password was 123456, the most popular baseword was password, and his break down of the days, months, and years incorporated into passwords shows that May is the most popular month, it’s a tie between several weekdays, and January is the most popular month. Ever tack a year onto your password to spice it up? If you’re a Yahoo! user there’s a pretty good chance it’s 2008.

Hit up the link below to check out the full analysis. If you realize your passwords could use a little updating, check out our guide to recovering from a security breach and best password practices to get your passwords in order.

Statistics of 450,000 Leaked Yahoo Accounts [via Boing Boing]

Jason Fitzpatrick is a warranty-voiding DIYer who spends his days cracking opening cases and wrestling with code so you don't have to. If it can be modded, optimized, repurposed, or torn apart for fun he's interested (and probably already at the workbench taking it apart). You can follow him on if you'd like.

  • Published 07/13/12

Comments (6)

  1. CaptRon

    The last ‘Top 10’ was titled ‘Hashcat masks’…what does this mean?

    On a semi-related note, when I logged in to Yahoo yesterday after seeing your story I was greeted to a ‘Click to accept our Terms of Service’…I thought this was a classy response from Yahoo…

  2. spike


    ‘Hashcat masks’ are sort of ‘patterns’ that define the character set used in each position in a password. It is useful when cracking passwords to know how passwords are commonly constructed (what types of characters are usually used in what positions in the password)
    For example, the mask:
    at 9.19%, shows that nearly 10% of the passwords were 6 consecutive lower-case letters.

  3. Kevalin

    Geeps… how many articles, news stories, etc., have said over and over and OVER again that the types of passwords listed above are terrible when comes to maintaining any sort of security?

    Yes, it’s a hassle to generate more complex passwords and be forced to keep them in some sort of (ideally) encrypted form. It’s a pain to have to look up passwords for some of your less-frequented sites.

    But it’s not as big a hassle as trying to get your bank or credit card company to reimbuse you because someone found sensitive information in your email and stole your money and /or identity.

  4. Ushindi

    123456?? That is unbelievable (or at least it SHOULD be).

  5. Atrusty

    “… May is the most popular month, … and January is the most popular month.” ?

  6. spike

    @Atrusty: Probably just a typo. May is the most popular, and on abbreviated months, just below, Jan is a lot more than Feb (but still Mar is the winner in that category). Probably came from that.

More Articles You Might Like

Enter Your Email Here to Get Access for Free:

Go check your email!