Stop using '123' as your Windows server password, users warned


Following up on a recent spate of attacks that exploited weak passwords on Windows servers, researchers have compiled a list of commonly used passwords that are alarmingly easy to brute force.

Last month, cybersecurity company Guardicore revealed it had discovered a resurgence in Purple Fox malware. Attackers were compromising Windows machines via a new infection vector: brute-forcing their way into internet-connected Windows servers.

Expanding upon this work, researchers from password management and authentication solution vendor Specops Software deployed a global honeypot system to determine the weakest passwords and strengthen its Breached Password Protection list. 


According to its analysis, "123" (used 842 times), "Aa123456" (used 801 times) and "password" (used 640 times) were the top three most commonly used passwords, despite the abundance of password generators available. 

In all, Specops studied more than 250,000 attacks over a month to compile a list of the most commonly used passwords.

“The data tells us that these passwords are weak and again the password is the weakest link in IT security,” said Thorbjörn Sjövold, Head of Research at Specops Software.

In addition to the top three, "1qaz2wsx", "12345678", "a123456", "password1", "abc123", and "111111111" round out the top ten.

Mayank Sharma
