Ever wondered what kind of passwords hackers use? If you’re like me, I would assume with the nature of a hackers’ “job,” they would be the best password creators. However, in a surprising twist in the world of cybercrime, it seems that even hackers use weak passwords, similar to the majority.

Anti-virus firm Avast took a sampling of approximately 40,000 passwords, collected from years of analyzing malware. What they discovered was that only 10% of passwords were beyond being guessed or cracked, and almost none of these “unique” passwords contained a combination of upper and lowercase letters, numbers or symbols.

Here are some password patterns discovered by this sampling:

• Hackers most commonly used the lowercase letter “a;”
• “f, j, v, w, y and z” were seldom used;
• Uppercase letters were rarely used, but represented the first letter of the password or the whole password when they were;
• Of the special characters, . was used the most;
• Spaces as passwords get tested first by most hackers; and
• “1” was the most used number.

What I thought was ironic was that most of the sampling’s passwords were English words or common phrases, but frequently the word “hack” was the complete password. (A bit of foreshadowing?) And, the average password was only 6 characters with only 52 of the 40,000 passwords consisting of 12 characters.