Who would have thought that choosing a good password could be so hard.
A collaboration between the National Institute of Standards and Technology (NIST) and Troy Hunt from the famous site Have I Been Pwned came up with a file containing the top 100,000 passwords. If you check this file out and see your password then it is definitely time to change your password.
(If you just want to download the file, you can do so here: PwnedPasswordTop100k.txt).
The password '123456' has been found 23 million times in the breaches that Troy's collected. You might think that choosing a more complex password such as 'oreocookie' is better, but even that has been seen over 3,000 times.
But does releasing breached passwords help criminals you may wonder. These passwords are already in the public domain. We hope to build awareness of breaches and ways to make a password stronger.
Security works when people act as a community, whether that's allowing people to realise how common their password is, or just giving them confidence that the password they've picked at work or home is more sensible. :)