On Friday, members of the CynoSure Prime password-cracking collective published the top 100 mostly commonly used Ashley Madison passwords recovered so far. With top entries including 123456, 12345, and password, the list underscored that accounts on the site dedicated to people cheating on their romantic partners were no better than those on LinkedIn and more above-ground sites.
Now CynoSure Prime members are back with a new list highlighting some of the most entertaining passwords found so far among the 11.7 million cracked accounts. With entries including goodguydoingthewrongthing, ishouldnotbedoingthis, thisiswrong, and whatthehellamidoing, the list suggests some of the people felt guilty about setting up accounts on the site, or at least feigned feeling guilty. Others demonstrated just how oblivious many users were to the weakness of their own passwords. Examples include passcodes such as thisisagoodpassword, thebestpasswordever, superhardpassword, and mypasswordispassword.
For what little it's probably worth, the people who ultimately picked the first class of passwords seem to have some ambivalence about what they're doing. People behind the second seemed to think that adding a few extra words somehow made the passcodes harder to guess. But as Ars chronicled in the 2013 feature How the Bible and YouTube are fueling the next frontier of password cracking, even passwords with 36 or more characters are easy fodder for crackers. The lack of capital letters, numbers or special characters made the passphrases especially susceptible, although many of them are so predictable that even a sprinkling of a numbers or capital letters couldn't save them.