Like word distributions and company sizes, frequency of usage of particular passwords seems to follow a Zipf distribution or power law distribution. That is, there are a lot of people that pick from a small common pool of passwords and that the number of people that use a particular password drops off quickly once you step away from that common pool.

Mark Burnett’s research shows that, of a list of 10,000 ranked passwords:

•  91% of users have a password from the top 1000 passwords
• 79% of users have a password from the top 500 passwords
• 40% of users have a password from the top 100 passwords

BTW, almost 5% of all users have the password, ‘password’.

List of top passwords here.  Heads up — there’s some colorful language in play here for popular passwords.