Why is 18atcskd2w considered a common password?

716    Asked by Amitraj in Cyber Security , Asked on Jan 25, 2022

I was going through the list of top 100K passwords and found Sojdlg123aljg and 18atcskd2w near the top of the list. Does anyone have any idea why this is such a common password?

Answered by Anil Jha

One of the most logical explanations is that those accounts were associated with a bot. Same goes for passwords like 18atcskd2w. Graham Cluley wrote an article about this: So, Just Why Is 18atcskd2w Such a Popular Password?

Can so many people really be choosing to protect their online accounts with the same, seemingly random choice of “18atcskd2w”, “3rjs1la7qe,” or “q0tsrbv488”?
The answer, of course, is no. People are not choosing those passwords.
Yes, those credentials can be found amongst the stolen data, and those passwords are being used on many tens of thousands of accounts, but it wasn’t a human being who chose that password. It was a computer.
Human brains were responsible for choosing passwords like “123456”, “password,” and “qwerty.” But there is no way that 91,103 people independently chose to secure their accounts with “18atcskd2w.”

Instead, what I believe happened is that these accounts were created by bots, perhaps with the intention of posting spam onto the forums.

Edit:

Ok, I went to check some of records ("dumps") from breached websites:

ilerrhyc@qgjkwntm.com:18atcskD2W
lprfzoyj@aboriaqk.com:18atcskD2W
ytjcvfhx@erbnxkjx.com:18atcskD2W
imuudluz@qsldpvlx.com:18atcskD2W
rrrowvvn@gdcufxsg.com:18atcskD2W
kixtigma@snjkuxjh.com:18atcskD2W

I'm pretty sure that those passwords were associated with the bot, but the funny thing is that the attacker used a random username with a random-non-existing domain, but a non-random password.



Your Answer

Interviews

Parent Categories