It seems that every time the topic of password cracking comes up, there is a question that quickly follows: “do you have a dictionary?” There are a number of websites that maintain lists of default passwords for equipment. Two that seem to receive a bit of attention are SearchLores and Liquid Matrix. However, Skull Security took things a bit further and has provided links to various leaked databases that have appeared in the last year. These are real passwords used at live sites.
I decided to take all three and combine them into a single master list. I have also included the leaked account names from the recent #OpDarknet. While not passwords, these account names are descriptive for a particular niche lending to the possibility that they may also be passwords. Either way, they are included. If someone believes there is a better way to distribute this, please comment. The original files are separated but were consolidated for this post.
The file WholeLottaPasswords.7z weighs in at 36.6 MB compressed and 150 MB uncompressed. It contains 14,504,798 unique lines. Enjoy.
As a counterpoint to this article, if you find yourself using the same password at multiple sites, weak passwords, or you find your password in this list … you may want to read Password Management.