Article Lead Image

Even hackers are bad at choosing passwords

They should really know better.


Kate Knibbs


Posted on Jun 10, 2014   Updated on May 31, 2021, 4:08 am CDT

Hackers can infiltrate tightly secured software and protected programs to steal passwords, so you’d think they’d pick up some tricks to avoid selecting an easily hackable password.


When approximately 2,000 passwords belonging to known hackers were leaked last week, Avast security researcher Antonín Hýža decided to compile a dictionary of hacker passwords the Avast Virus Lab had cataloged over the years.

Hýža discovered many hackers choose simple passwords, with an average length of six characters. The most commonly used password among computer hackers? Hack. That’s right—hackers choose “Hack” as their password. Very smooth. Very subtle. 

“Pass,” “root,” and “hax” were also commonly used passwords. Most of the passwords used lowercase letters and numbers, and were derived from English. And most of them were garbage.

“Most of hackers’ passwords are even weaker than those that normal people use,” Hýža wrote. That’s impressively bad, considering “password” is one of the most commonly used passwords amongst normies.

Given that password security has eluded even the people who know how to get around it, here’s a quick refresher on what makes a good password. Length is the most important thing; if you’re worried about forgetting a long password, you can use programs like KeePass to manage your passwords without sacrificing length. And, of course, six characters isn’t appropriate for any password, let alone that of a hacker.

Not every hacker was a hopeless doofus when it came to password-crafting. Hýža discovered a full 10 percent of the passwords were too hard to guess, with some up to 75 characters long. (See? Length!) There’s no information on whether the hackers with the good passwords were performing more sophisticated hacks than their counterparts with stupid passwords, but here’s a guess: They probably were.

H/T Avast Photo via Mark Fischer/Flickr (CC BY SA 2.0)

Share this article
*First Published: Jun 10, 2014, 1:13 pm CDT