The Unexpected Word That Shows Up on Every Hacked-Password List

iStock
iStock

Every year, security-focused companies like SplashData release lists of the year's most hacked passwords, inevitably prompting us to ask, "Why would you make your password password?" In 2017, the most popular passwords list included longtime mainstays like 123456, qwerty, and, of course, password.

We get it, people aren't creative when they're coming up with their thousandth password. But WIRED (warning: paywall ahead) alerts us to one mainstay password that stands out from the pack, one that appears regularly on hacked password lists but has none of the obvious origins of passwords like hello or login. People love to make their password—drum roll, please—dragon.

WIRED investigated just why so many internet users use dragon to unlock their accounts, taking the question to password experts and security researchers.

Part of the reason, the magazine found, might just be related to the biases of these lists. They pull from leaked data from hacked sites, a dataset that doesn't always represent everyone on the internet. Depending on the user base of those hacked sites, the passwords also might represent specific groups (say, young dudes) who have more of a tendency to shout their love of fantastical winged reptiles from the rooftops.

The sites that get hacked and have their password data leaked to the world may not have had great security controls in the first place, either. Users might not have had to come up with extra numbers and special characters when generating a password. And the single-word dragon isn't as difficult for hackers to decode as some other passwords, so it's liable to be leaked. According to Keeper Security, many hackers can break a seven-digit password made up of upper- and lower-case letters and numbers in 10 seconds. Since dragon has already proved itself to be so popular, a hacker will probably go ahead and test that one out early.

Several people told WIRED they have used dragon as a password for years, just because, you know, they liked dragons. If you're a fan of Dungeons and Dragons, Harry Potter, Lord of the Rings, Game of Thrones, or, maybe even How to Train Your Dragon, dragon might be a super simple password to remember. And, because most people don't change their passwords as often as they should, you probably use it over and over again.

A similar reason might explain why words like football, monkey, and starwars often appear on these lists [PDF] year after year as well. People love football, monkeys, and Star Wars. Unfortunately, so do hackers.

Read the full rundown of why people love dragon—and why it's not a great way to protect the pile of gold that is your online data—here. As always, we will leave you with this reminder: Get a password manager. You don't want to end up as an embarrassing statistic on a password-shaming list.

[h/t WIRED]

Thursday’s Best Amazon Deals Include Guitar Kits, Memory-Foam Pillows, and Smartwatches

Amazon
Amazon
As a recurring feature, our team combs the web and shares some amazing Amazon deals we’ve turned up. Here’s what caught our eye today, December 3. Mental Floss has affiliate relationships with certain retailers, including Amazon, and may receive a small percentage of any sale. But we only get commission on items you buy and don’t return, so we’re only happy if you’re happy. Good luck deal hunting!

This All-in-One Storage Solution Can Be Used at Home or Carried on the Go

RUX/Indiegogo
RUX/Indiegogo

This article contains affiliate links to products selected by our editors. Mental Floss may receive a commission for purchases made through these links.

Whether you're looking for a durable storage solution for your garage or a roomy pack for a long camping trip, the collapsible RUX carrier can help keep your stuff safe and secure without taking up much room in your closet when you're done. And until December 10, you can support the project on Indiegogo.

The main idea of the RUX is to serve multiple purposes at once. You can carry it around like a backpack or duffle bag during a weekend trip outdoors, or you can use it as a stationary storage bin for your car or home. Despite being strong enough to hold your bulkiest gear, it only weighs around four pounds and is designed to be collapsible, so you can fold it up and slip it away afterwards. (Unfolded, the RUX comes in at 15.7 by 19.5 by 13.8 inches.)

And if you're looking to use it during more serious outdoor adventures, you can rest assured that its weatherproof construction will keep your stuff dry in the rain. There's even a window that allows you to double-check that your items are safe and sound.

RUX/Indiegogo

The RUX was created with sustainability and longevity in mind. Not only does the RUX have a lifetime warranty, but each component can also come off and be replaced easily so you can continue using the product no matter the problem. RUX is a member of 1% For The Planet, which is a group that gives back 1 percent of sales to environmental causes, even if they are not profitable.

There is still time to back the RUX campaign and reap the rewards. If you back $196, you’ll get your first RUX along with it. However, if you back $265, you’ll get one RUX, two divider totes, an EDC pouch, and two utility straps. If you back $449, you’ll get all the same things from the second level along with an extra RUX. If you want to back $515 or $725, you’ll get double or triple everything, respectively, from the second level.

The RUX campaign ends on December 10, so there is still time to back this product through Indiegogo. Shipments of RUX will hopefully start by June 2021.

Sign Up Today: Get exclusive deals, product news, reviews, and more with the Mental Floss Smart Shopping newsletter!