Skip to main content

Stop using '123' as your Windows server password, users warned

Passwords
(Image credit: Shutterstock)
Audio player loading…

Following up on a recent spate of attacks that exploited weak passwords on Windows servers (opens in new tab), researchers have compiled a list of commonly used passwords that are alarmingly easy to brute force.

Last month, cybersecurity company Guardicore revealed it had discovered a resurgence in Purple Fox malware (opens in new tab). Attackers were compromising Windows machines via a new infection vector, brute forcing into internet-connected Windows servers.

Expanding upon this work, researchers from password management (opens in new tab) and authentication solution vendor Specops Software deployed a global honeypot system to determine the weakest passwords (opens in new tab) and strengthen its Breached Password Protection list. 

TechRadar needs yo...

We're looking at how our readers use VPN for a forthcoming in-depth report. We'd love to hear your thoughts in the survey below. It won't take more than 60 seconds of your time.

>> Click here to start the survey in a new window (opens in new tab)<<

According to its analysis, "123" (used 842 times), "Aa123456" (used 801 times) and "password" (used 640 times) were the top three most commonly used passwords, despite the abundance of password generators (opens in new tab) available. 

In all, Specops studied more than 250,000 attacks over a month to compile a list of the most commonly used passwords.

“The data tells us that these passwords are weak and again the password is the weakest link in IT security,” said Thorbjörn Sjövold, Head of Research at Specops Software.

In addition to the top three, "1qaz2wsx", "12345678", "a123456", "password1", "abc123", and "111111111" round out the top ten.

Mayank Sharma
Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.