Like word distributions and company sizes, the frequency with which particular passwords are used seems to follow a Zipf distribution or power law distribution. That is, a lot of people pick from a small common pool of passwords, and the number of people who use a particular password drops off quickly once you step away from that common pool.
Mark Burnett’s research shows that, of a list of 10,000 ranked passwords:
- 91% of users have a password from the top 1000 passwords
- 79% of users have a password from the top 500 passwords
- 40% of users have a password from the top 100 passwords
BTW, almost 5% of all users have the password, ‘password’.
List of top passwords here. Heads up — there’s some colorful language in play here for popular passwords.
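To see what the Zipf shape means for a defender sizing a password blocklist, here is an added example (not from the original post or from Burnett's research) that measures top-N coverage and fits the power-law exponent from ranked counts. The function names and the sample counts are assumptions: the sample is constructed as an idealized 1/rank curve, so its percentages differ from the figures quoted above.

```python
import math

def top_n_coverage(counts, n):
    """Fraction of all users whose password is among the n most common."""
    ranked = sorted(counts, reverse=True)
    return sum(ranked[:n]) / sum(ranked)

def zipf_exponent(counts):
    """Negated least-squares slope of log(count) against log(rank).
    A value near 1 is the classic Zipf shape."""
    ranked = [c for c in sorted(counts, reverse=True) if c > 0]
    xs = [math.log(r) for r in range(1, len(ranked) + 1)]
    ys = [math.log(c) for c in ranked]
    mx = sum(xs) / len(xs)
    my = sum(ys) / len(ys)
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    return -sxy / sxx

def smallest_blocklist(counts, target):
    """Smallest n whose top-n passwords cover at least `target` of users."""
    ranked = sorted(counts, reverse=True)
    total = sum(ranked)
    running = 0
    for n, c in enumerate(ranked, start=1):
        running += c
        if running / total >= target:
            return n
    return len(ranked)

# Constructed sample (not real data): 10,000 ranked passwords,
# usage count proportional to 1/rank.
SAMPLE = [round(1_000_000 / rank) for rank in range(1, 10_001)]

if __name__ == "__main__":
    print("fitted exponent:", round(zipf_exponent(SAMPLE), 3))
    for n in (100, 500, 1000):
        print(f"top {n}: {top_n_coverage(SAMPLE, n):.1%} of users")
    print("entries needed to cover half:", smallest_blocklist(SAMPLE, 0.5))
```

Feeding it real ranked counts from your own rejected-password telemetry shows how quickly a longer blocklist stops paying off.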