Statistics of 62K Passwords (codelord.net)
31 points by abyx on June 18, 2011 | hide | past | favorite | 9 comments


I'm sure nobody is surprised that the most common passwords are "123456", "password", etc. There is a perception in communities like ours that the average user is completely inept and shouldn't be trusted to create a secure password, but I have to wonder how many of these passwords are actually designed to be secure.

I often use enormously insecure passwords when "signing up" for sites that require registration to continue. I've probably created dozens of accounts around the web with logins like 'qwerty:qwerty' or 'qwer4321:qwerfdsa'. This isn't because I'm a moron, it's because I will never need to access the account again and I therefore don't care about security. "qwerty" is easier to type into a password field twice (for confirmation) than "glxCdsXX3_2".

I would be interested in seeing an analysis of the actual usage of accounts with the most common passwords. It would be interesting to have a bot log into a large number of cracked accounts and download any usage history or generated data that would indicate how often the account has been used. My guess is that a significant number of the common-password accounts would have the same date for "first created" and "last login". That data could be used to weight the frequencies of the common passwords and paint a much more interesting picture.


The 10th most common password was far too interesting for me to ignore. While it is fairly easy to type, it's not easy enough for it to be some sort of tap-password.

Having a closer look at the list, and assuming the dump is organised in some sort of chronological creation order, you can see that all the accounts which use that password are created in several tight groups, share a fairly common username theme (mostly female names), and use a fairly narrow selection of email providers. I would guess they were made by a bot.


Yup, the article also says:

> My guess would have to be it’s some worm that resets the accounts it hacked into to it.


Ah thanks, I need to learn to read gooder. The password got me so curious I couldn't even finish reading the sentence.

Edit: Thinking about his explanation, it doesn't really make sense to me. If that were really the case, those accounts would be more evenly distributed through the list - yet they are tightly clustered, which leads me to think they were created in groups (guessing the list has some sort of chronological order).


I'm not sure what you mean by "clustered".

Where are you looking at the clustering?


We built a "password strengthener" the other day. During the analysis phase, we ran our passwords database (~10M accounts) against a dictionary. We wanted to do this to ban the top ten most commonly used words, among other things. The results beyond the top 10 were completely different from the ones pointed out here by the OP; the first 10 were almost exactly the same.

My take is that this depends considerably on your target audience. I'm not disclosing which team I'm a member of, but if you run the same analysis to come up with ideas on how to force users to choose better passwords, you'll see how different the results are going to look.


This implies that you're storing plaintext or unsalted hashed passwords, right? What's the use case where this is necessary?


you can look at the password histogram here: http://public.tableausoftware.com/views/LulzSecPasswordBreak...

tableau public tends to be a little slow, tho.


Ran it against /etc/dictionaries-common/words (en_US), 16% matches.
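The two analyses discussed in this thread (top-N password histogram and dictionary match rate), plus the point raised above that a "strengthener" only needs the plaintext at the moment the user sets the password, as an added example that is not from the article or any commenter. The dump and word list are constructed stand-ins; `SAMPLE_DUMP`, `SAMPLE_WORDS` and the function names are hypothetical.

```python
from collections import Counter

# Constructed sample "dump" standing in for a leaked password list (not the
# article's data): a few weak entries repeated, plus some stronger ones.
SAMPLE_DUMP = (
    ["123456"] * 5 + ["password"] * 4 + ["qwerty"] * 3 + ["letmein"] * 2
    + ["Sunshine1", "glxCdsXX3_2", "correct horse", "dragon", "monkey", "T9#vQ2!pLm"]
)

# Constructed stand-in for /etc/dictionaries-common/words (one word per line).
SAMPLE_WORDS = "password\nqwerty\ndragon\nmonkey\nsunshine\nletmein\n"


def load_dictionary(text):
    """Lower-cased set of dictionary words, one per line."""
    return {w.strip().lower() for w in text.splitlines() if w.strip()}


def top_passwords(dump, n=10):
    """Most common passwords with their counts, as the article's histogram shows."""
    return Counter(dump).most_common(n)


def dictionary_match_rate(dump, words):
    """Fraction of entries that are exactly a dictionary word (case-insensitive),
    the kind of figure the '16% matches' comment reports."""
    hits = sum(1 for p in dump if p.lower() in words)
    return hits / len(dump)


def is_acceptable(candidate, banned, words):
    """Registration-time check on the plaintext the user just typed, run before
    it is hashed; the site never needs to keep plaintext or unsalted hashes to
    enforce this. `banned` is a lower-cased set of blocked passwords."""
    c = candidate.lower()
    return len(candidate) >= 8 and c not in banned and c not in words


if __name__ == "__main__":
    words = load_dictionary(SAMPLE_WORDS)
    print(top_passwords(SAMPLE_DUMP))
    print(f"{dictionary_match_rate(SAMPLE_DUMP, words):.0%} dictionary matches")
    banned = {p.lower() for p, _ in top_passwords(SAMPLE_DUMP, 3)}
    print(is_acceptable("password", banned, words))           # False
    print(is_acceptable("correct-horse-battery", banned, words))  # True
```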



