Comment on Top 200 Most Common Passwords | NordPass
SanctimoniousApe@lemmings.world 12 hours ago
Methodology
The Top 200 Most Common Passwords report is the result of a joint effort between NordPass and NordStellar, prepared in collaboration with independent researchers specializing in cybersecurity incidents. Recent public data breaches and dark web repositories were analyzed from September 2024 to September 2025 to identify statistically aggregated data. No personal data was acquired or purchased for this research.
Okay, so how valid is this really if they’re only using those passwords that were hacked?
t3rmit3@beehaw.org 11 hours ago
It’s very valid. The password dumps they’re analyzing aren’t based on attackers brute-forcing; they’re based on attackers breaching sites’ backends and dumping the user databases. Some of these are sites with millions of records, and when you look at credential-stuffing lists (which are aggregate lists of currently-accessible accounts using previously-breached credential pairs), it adds millions more.
Sort this list by year, and you can see there are tens of millions of leaked passwords in 2025 alone: haveibeenpwned.com/PwnedWebsites
SanctimoniousApe@lemmings.world 10 hours ago
That makes sense, thank you.