Three weeks ago adultery website Ashley Madison was hacked, exposing account information for more than 30 million users.
Private membership information including names, email addresses, and detailed sexual preferences were made public. Despite making itself vulnerable to the data breach in the first place, Ashley Madison did secure its users using bcrypt-hashed passwords.
However, security firm Avast issued a new report finding some of its users' passwords were among the worst, most common passwords you could possibly pick to secure your adulterous online dating account. And not even the best encryption can help protect against weak passwords. Avast looked at the first million passwords in the Ashley Madison database to determine which ones were the weakest. To do so, it examined a list from 2008 called the 500 worst passwords of all time, and another list of 14 million passwords from the 2009 rockyou hack — along with a password-cracking utility called hashcat.
The firm stressed that its results may have been skewed because it used just the first million Ashley Madison passwords, which may have been created towards the beginning of the site's existence when people were less security conscious than they are now. Avast ranked the top 20 most popular Ashley Madison passwords. We've redacted a few of the NSFW results, but you can check out their website for the full list.
Here are the worst passwords on Ashley Madison, according to Avast:
