Here’s the list
1.123456
2.password
3.12345
4.12345678
5.football
6.qwerty
7.1234567890
8.1234567
9.princess
10.1234
11.login
12.welcome
13.solo
14.abc123
15.admin
16.121212
17.flower
18.passw0rd
19.dragon
20.sunshine
21.master
22.hottie
23.loveme
24.zaq1zaq1
25.password1
26.phone numbers

The list is based on 5 million leaked passwords, and almost 4% of hacked users used “123456” as their password of choice while more than 10% used another from the list. Most had a single word password, which is a dream come true for any hacker planning a quick and effective dictionary attack. Using this method, ahacker pretends to be the user and tries to log into their account, using a predetermined set of words or phrases from a list called “dictionary”.

Frequent usage also applies to another group ofpasswords on the list: sequences. “123456”, “qwerty” or “zaq1zaq1” are key sequences, which means the used symbols are near one another on the physical keyboard.
This kind of passwords is another dictionary favorite,but is also susceptible to a brute force attack.

This tactic is similar to a dictionary attack, since it also happens on the login screen, but instead of usingready-made lists, a hacker uses a special algorithm which attempts to enter different character combinations until a password match is found (i.e. attacker will try using “1234”, then “12345”, etc.)