
Thursday, April 16, 2009

Most Common Passwords

Most people are clueless as to how accounts are hacked and their passwords reflect that. If your password has anything in common with the most common passwords below, you have a weak password. This is to help people choose a strong password and possibly help site admins understand the risks.
Most Common Passwords

1. 123456, 123, 123123, 01234, 2468, 987654, etc
2. 123abc, abc123, 246abc
3. First Name
4. Favorite Band
5. Favorite Song
6. First initial followed by surname
7. qwerty, asdf, and other keyboard rolls
8. Favorite cartoon or movie character
9. Favorite sport, or sports star
10. Country of origin
11. City of origin
12. All numbers
13. Some word in the dictionary
14. Combining 2 dictionary words
15. Any of the above spelled backwards
16. aaa, eee, llll, 999999, and other repeat combinations

Common Extensions

Some sites force you to have passwords with both numbers and letters. For example, Bob's password is football, and the site asks him to add some numbers to it to make it valid. Here's what people usually add.

1. Their year of birth / marriage / graduation (or expected grad) from HS or college
2. 007
3. A single digit, 0 - 9
4. 69
5. 000, 111, 4444 or other long combinations
6. 123456, 123, 123123, 01234 and other trivially guessable sequences

Years are usually added in different ways: football85, football1985, football04 rather than football4. There's also the possibility of separators like football_04 and football-84. Many sites require both numbers and letters, so these are the more likely forms since people tend to want the same password for everything.
My opinion on an Ideal password

Mixed numbers and letters over 8 characters long. Memorize it once, use it forever.
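To make the lists above and the baseline rule just stated checkable, here is an added example (not code from the original post): a small Python checker that flags a candidate password for the patterns listed (numeric or alphabetic sequences, repeats, keyboard rolls, dictionary words plain or reversed, two words glued together, and a word with a numeric extension bolted on the front or back), then applies the "mixed letters and numbers, over 8 characters" rule. The word list and the keyboard-roll tuple are constructed stand-ins; a real deployment would load a full dictionary such as the OpenOffice one mentioned later in the post.

```python
import re

# Constructed mini word list standing in for a full spellcheck dictionary (the post
# mentions the ~70,000-word OpenOffice list); a real checker would load one from disk.
DICTIONARY = {
    "football", "password", "dragon", "monkey", "sunshine", "welcome", "master",
    "london", "england", "batman", "beatles", "john", "smith",
}
# Keyboard rolls from the post plus a few more of the same kind (assumed list).
KEYBOARD_ROLLS = ("qwerty", "asdf", "zxcv", "qazwsx", "qwertyuiop", "asdfgh")


def is_sequence(s):
    """True for runs with a constant non-zero step: 123456, 987654, 2468, 01234, abcdef."""
    if len(s) < 3:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(s, s[1:])}
    return len(steps) == 1 and 0 not in steps


def is_repeat(s):
    """True when the string is one short unit repeated: aaa, 999999, 123123, abab."""
    for unit in range(1, len(s) // 2 + 1):
        if len(s) % unit == 0 and s[:unit] * (len(s) // unit) == s:
            return True
    return False


def split_extension(p):
    """Split off the numeric prefix/suffix people bolt onto a word to satisfy a
    'letters and digits' rule: 'football_04' -> ('', 'football', '04'),
    '123abc' -> ('123', 'abc', ''). Returns ('', p, '') when there is no letter core."""
    m = re.fullmatch(r"(\d{0,6})[-_. ]?([a-z].*?[a-z]|[a-z])[-_. ]?(\d{0,6})", p)
    return (m.group(1), m.group(2), m.group(3)) if m else ("", p, "")


def weak_patterns(pw):
    """Return the common-password patterns from the post that `pw` matches (empty = none)."""
    p = pw.lower()
    prefix, base, suffix = split_extension(p)
    ext = prefix or suffix
    findings = []
    if p.isdigit():
        findings.append("all numbers")
    if is_sequence(p) or is_repeat(p) or (ext and (is_sequence(base) or is_repeat(base))):
        findings.append("sequence or repeat")
    if ext:
        findings.append("numeric extension " + ext)
    if base in DICTIONARY or base[::-1] in DICTIONARY:
        findings.append("dictionary word (possibly reversed)")
    elif any(base[:i] in DICTIONARY and base[i:] in DICTIONARY for i in range(1, len(base))):
        findings.append("two dictionary words")
    if any(roll in base for roll in KEYBOARD_ROLLS):
        findings.append("keyboard roll")
    return findings


def meets_minimum(pw):
    """The post's baseline: over 8 characters with both letters and numbers."""
    return len(pw) > 8 and any(c.isalpha() for c in pw) and any(c.isdigit() for c in pw)


def assess(pw):
    """All reasons a password would be rejected; an empty list means it passes."""
    findings = weak_patterns(pw)
    if not meets_minimum(pw):
        findings.append("not over 8 characters of mixed letters and numbers")
    return findings


if __name__ == "__main__":
    for candidate in ["123456", "football1985", "llabtoof", "qwerty", "johnsmith", "Tq4v9mLp2x"]:
        print(f"{candidate:14} -> {assess(candidate) or ['ok']}")
```

The extension splitter is deliberately loose (up to six digits, optional `_`, `-`, `.` or space) so that football1985, football_04 and 123abc all reduce to the word underneath; that is the whole point of the "Common Extensions" section: the digits add almost nothing once the attacker tries the word with every likely year attached.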
How long it takes to hack a password

If they have hacked and downloaded the entire database it's 10,000 times faster than sending guesses to a website one request at a time. Most decent computers can easily check thousands of possibilities per second. Most decent sites have captchas now, which prevent brute force guessing.
Words in the Dictionary

If they steal a site's database you can get hacked fast, even if you use foreign words. The OpenOffice English spellcheck has around 70,000 words. Apps like PasswordsPro on my 2 GHz CPU can check around 4,000,000 MD5 possibilities a second, allowing it to breeze through several dictionaries, including variations like all uppercase/lowercase and backwards words. The latest NVIDIA cards with a CUDA GPU brute forcer can easily exceed 200 million MD5s a second.

If your password is all numbers it's much faster to crack than if it were mixed. Instead of holding a massive array of words in memory and selecting an index from it, or even worse reading from disk into a buffer every few seconds, an all-numeric password just requires the computer to do what computers do fastest: count. At 2 GHz my computer can check every number up to 14 million in 2 minutes for salted MD5s, so even an 8 character password is weak if it is all numbers. Adding 0s to the front of the number helps, but not really: a second pass with any number of leading 0s can be done afterwards. Maybe if you made it your zip code + your best friend's phone number or something VERY long it would be strong enough.
All Random letters

Every possible combination of 3 letters is only around 17000, while every possible 4 letter combination is 456976. It grows exponentially every time you add just one letter. Most sites recommend 8 characters or more for a strong password. Adding just 1 character to your password helps exponentially. No dictionary words!
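The arithmetic behind the last three sections, worked through as an added example (not code from the original post). It takes the rates the post quotes (4,000,000 MD5/s on the CPU, 200 million/s on a CUDA GPU, 14 million salted MD5 guesses in 2 minutes) and computes how long a brute forcer needs to exhaust each character class at 8 and 9 characters, and how many candidates a 70,000-word dictionary turns into once the case variants and the numeric extensions listed earlier are applied. The suffix and separator lists, and deriving an online guessing rate from the post's "10,000 times" ratio, are my assumptions.

```python
# Guess rates quoted in the post, in hashes or guesses per second.
RATE_CPU_MD5 = 4_000_000                 # PasswordsPro on a 2 GHz CPU
RATE_GPU_MD5 = 200_000_000               # CUDA brute forcer on a then-current NVIDIA card
RATE_CPU_SALTED_MD5 = 14_000_000 // 120  # "14 million numbers in 2 minutes" for salted MD5
RATE_ONLINE = RATE_CPU_MD5 // 10_000     # assumed: post's "10,000 times slower" for guesses sent to a site

# Character classes a brute forcer walks through.
ALPHABETS = {"digits": 10, "lowercase": 26, "lowercase+digits": 36, "mixed case+digits": 62}


def keyspace(alphabet_size, length):
    """Number of strings of exactly `length` symbols (the post's 26^3 = 17576, 26^4 = 456976)."""
    return alphabet_size ** length


def keyspace_up_to(alphabet_size, max_length):
    """Every string of length 1..max_length: what counting upwards from 1 actually covers."""
    return sum(alphabet_size ** n for n in range(1, max_length + 1))


def seconds_to_exhaust(space, rate):
    """Worst-case seconds to try every candidate at `rate` guesses per second."""
    return space / rate


def human(seconds):
    """Render seconds as the largest convenient unit."""
    for unit, size in (("years", 365 * 86400), ("days", 86400), ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:,.1f} seconds"


# Dictionary attack sized from the post: ~70,000 words, the case/reversal variants it names,
# and the numeric extensions it lists (years, single and double digits, 007 and friends).
WORDS = 70_000
CASE_VARIANTS = 4  # lower, UPPER, Capitalised, reversed
SUFFIXES = ([""] + [str(n) for n in range(10)] + [f"{n:02d}" for n in range(100)]
            + [str(y) for y in range(1900, 2010)]
            + ["007", "123", "123456", "000", "111", "4444"])   # assumed extension list
SEPARATORS = ("", "_", "-")                                     # football04, football_04, football-04


def dictionary_candidates(words=WORDS, variants=CASE_VARIANTS):
    """Candidates a word list + extensions attack must hash: each word variant on its own,
    plus every (separator, suffix) pairing for the non-empty suffixes."""
    with_suffix = (len(SUFFIXES) - 1) * len(SEPARATORS)
    return words * variants * (1 + with_suffix)


def compare(length):
    """Exhaust time per character class for exactly `length` characters at the salted-CPU and GPU rates."""
    return {name: {"keyspace": keyspace(size, length),
                   "cpu_salted": seconds_to_exhaust(keyspace(size, length), RATE_CPU_SALTED_MD5),
                   "gpu": seconds_to_exhaust(keyspace(size, length), RATE_GPU_MD5)}
            for name, size in ALPHABETS.items()}


if __name__ == "__main__":
    total = dictionary_candidates()
    print(f"dictionary+extensions: {total:,} candidates, "
          f"{human(seconds_to_exhaust(total, RATE_GPU_MD5))} on the GPU, "
          f"{human(seconds_to_exhaust(total, RATE_CPU_MD5))} on the CPU, "
          f"{human(seconds_to_exhaust(total, RATE_ONLINE))} guessing online")
    for length in (8, 9):
        for name, row in compare(length).items():
            print(f"{length} chars, {name:18}: {row['keyspace']:>22,} candidates, "
                  f"salted CPU {human(row['cpu_salted']):>14}, GPU {human(row['gpu']):>14}")
```

Running it makes the post's point concrete: an 8-digit number falls in about a quarter of an hour even against salted hashes, the entire dictionary with every year and suffix attached is under a second on the GPU and under a minute on the CPU, while 9 characters of lowercase letters and digits pushes the GPU past several days and the salted CPU case past decades. The same dictionary that is trivial offline takes years at the online rate, which is why a stolen database changes everything.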
