Password cracking tools like John the Ripper work by generating candidate passwords and testing them against the system being tested. The candidates come from a “dictionary”: a list of words assumed to be likely passwords, which are used as seeds to generate the permutations a user might have selected.
But what’s better than permutations a user might have selected? How about password lists from breaches, so that we can see what users ACTUALLY use?
According to the site, these passwords will crack roughly 5% of user accounts on a given system. If you’re using one of them, change it now.
123456 12345 123456789 password iloveyou princess 1234567 12345678 abc123 nicole daniel babygirl monkey
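Because cracking tools treat a list like this as seeds and permute them, a password-change check has to reject derived forms as well as exact matches. The sketch below is an added example, not code from the original post or from John the Ripper; the look-alike map, the padding rule and the function names are assumptions chosen for illustration.

```python
import re

# The thirteen passwords listed above, used as denylist seeds.
SEEDS = ("123456 12345 123456789 password iloveyou princess 1234567 "
         "12345678 abc123 nicole daniel babygirl monkey").split()

# Look-alike substitutions users commonly make (assumed set, not exhaustive).
LOOKALIKES = {"a": "a4@", "e": "e3", "i": "i1!", "l": "l1",
              "o": "o0", "s": "s5$", "t": "t7"}

# Digits and symbols a user may bolt onto either end of a seed.
PADDING = r"[\W\d_]*"


def _seed_pattern(seed):
    """Regex matching the seed, its look-alike spellings and padded forms."""
    core = "".join(
        "[" + re.escape(LOOKALIKES[ch]) + "]" if ch in LOOKALIKES else re.escape(ch)
        for ch in seed
    )
    return re.compile(PADDING + core + PADDING, re.IGNORECASE)


# Longest seeds first, so the most specific listed password is reported.
PATTERNS = {s: _seed_pattern(s) for s in sorted(SEEDS, key=len, reverse=True)}


def matched_seed(candidate):
    """Return the listed password that `candidate` derives from, or None."""
    for seed, pattern in PATTERNS.items():
        if pattern.fullmatch(candidate):
            return seed
    return None


if __name__ == "__main__":
    # Constructed sample inputs for a password-change form.
    for pw in ["P@ssw0rd2024!", "Monkey!", "abc1234", "correct horse battery staple"]:
        seed = matched_seed(pw)
        print(f"{pw!r}: " + (f"reject (variant of {seed!r})" if seed else "not on list"))
```

A `None` result only means the candidate is not a simple variant of these thirteen entries; it says nothing about whether the password is strong.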