According to a not-at-all recent report by Keeper, there’s a 50/50 chance that any user account can be accessed with one of the 25 most common passwords.
And there’s a 17% chance that the password is 123456.
This strikes me as absolute rubbish, but it got me thinking: if I want to get unfettered access to some user accounts, and I don’t really care which accounts, then rather than using ‘brute force’ by trying many passwords for one user account, it makes much more sense to flip that and try one password on many user accounts.
If Keeper are right (and not misinterpreting the data, which I’m totally not accusing them of doing), then I could try the password “123456” on a random selection of accounts and for 1 in 5 attempts I’d be in like Flynn.
So I tried exactly this on Reddit, copy/pasting usernames into the sign-in form, leaving the password as 123456 and clicking login. Over and over again.
Of the 30 usernames I tried, this password worked for 0 of them. A strike rate of roughly 0%.
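Seen from the login service's side, one password tried across many accounts leaves each account with a single failed login, so a per-account lockout counter never fires. The following is an added example, not part of the original post, that counts distinct usernames failed per source instead; the event format, thresholds and sample data are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def build_sample():
    """Constructed events (timestamp, source, username, outcome); not real logs."""
    t0 = datetime(2024, 1, 1, 10, 0, 0)
    # One source tries a single password on 30 different accounts, 20 s apart.
    events = [(t0 + timedelta(seconds=20 * i), "198.51.100.7", f"user{i:02d}", "FAIL")
              for i in range(30)]
    # A legitimate user mistypes a password three times, then gets in.
    events += [(t0 + timedelta(seconds=5 * i), "203.0.113.9", "carol", "FAIL")
               for i in range(3)]
    events.append((t0 + timedelta(seconds=20), "203.0.113.9", "carol", "OK"))
    return sorted(events)

def per_account_lockouts(events, threshold=5):
    """Accounts that a classic per-account failure counter would lock."""
    fails = defaultdict(int)
    for _, _, user, outcome in events:
        if outcome == "FAIL":
            fails[user] += 1
    return {user for user, n in fails.items() if n >= threshold}

def spray_sources(events, window=timedelta(minutes=10), min_accounts=10):
    """Sources that failed logins on >= min_accounts distinct usernames in a window.

    Returns {source: peak distinct-username count}. Thresholds are illustrative.
    """
    recent = defaultdict(deque)   # source -> (timestamp, username) failures in window
    flagged = {}
    for ts, src, user, outcome in events:
        if outcome != "FAIL":
            continue
        q = recent[src]
        q.append((ts, user))
        while ts - q[0][0] > window:      # drop failures older than the window
            q.popleft()
        distinct = len({u for _, u in q})
        if distinct >= min_accounts:
            flagged[src] = max(flagged.get(src, 0), distinct)
    return flagged

if __name__ == "__main__":
    log = build_sample()
    print("locked accounts:", per_account_lockouts(log))   # nothing trips
    print("spray sources:  ", spray_sources(log))
```

The user with three typos stays below both thresholds, while the single source touching 30 accounts is flagged even though no individual account ever sees more than one failure.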
....