370 Passwords You Shouldn't (And Can't) Use On Twitter

If you’re on Twitter, that means you registered an account with a password that isn’t terribly easy to guess. As you may know, Twitter prevents people from choosing easily guessed ones by indicating that certain passwords such as ‘password’ (cough cough) and ‘123456’ are too obvious to be picked.

It just so happens that Twitter has hard-coded all banned passwords on the sign-up page. All you need to do to retrieve the full list of unwelcome passwords is take a look at the source code of that page.

Do a simple search for ‘twttr.BANNED_PASSWORDS’ and voilà, there they are, all 370 of them.

This isn’t a security issue, of course, and in fact it’s helpful to distribute the list so you can check if your favorite password that you use for other services might not be as fail-proof as you’d like to think. For the full list, simply download this TXT file, but here are a couple:

– password
– testing
– naked
– stupid
– twitter
– 123456
– secret
– please
– beavis
– butthead
– internet
– hooters
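
The lookup described above, as an added example (not Twitter's code and not part of the original article): it pulls the `twttr.BANNED_PASSWORDS` array out of a page's source and checks candidate passwords against it. The sample source is constructed, and the assignment format, the function names and the case-insensitive match are assumptions of this example.

```javascript
// Constructed sample: the article does not show the real markup, so the
// assignment format below is an assumption. Only the twelve passwords quoted
// in the article are included, not the full list of 370.
const SAMPLE_SOURCE = `
<script>
  var twttr = twttr || {};
  twttr.BANNED_PASSWORDS = ["password", "testing", "naked", "stupid",
    "twitter", "123456", "secret", "please", "beavis", "butthead",
    "internet", "hooters"];
</script>`;

// Pull the array literal that follows twttr.BANNED_PASSWORDS out of the source.
function extractBannedPasswords(source) {
  const match = /twttr\.BANNED_PASSWORDS\s*=\s*(\[[^\]]*\])/.exec(source);
  if (!match) {
    throw new Error("twttr.BANNED_PASSWORDS not found in page source");
  }
  // Assumes the literal is valid JSON (double-quoted strings only).
  const list = JSON.parse(match[1]);
  if (!Array.isArray(list) || !list.every((p) => typeof p === "string")) {
    throw new Error("unexpected list format");
  }
  // Fold case so the comparison below can ignore capitalisation.
  return new Set(list.map((p) => p.toLowerCase()));
}

// True when the candidate is on the list. Matching case-insensitively is this
// example's choice, so "Password" and "PASSWORD" are flagged too.
function isBanned(candidate, banned) {
  return banned.has(String(candidate).toLowerCase());
}

// Check several passwords at once and return only the ones that are listed.
function findBanned(candidates, banned) {
  return candidates.filter((c) => isBanned(c, banned));
}

const banned = extractBannedPasswords(SAMPLE_SOURCE);
console.log(findBanned(["Beavis", "123456", "correct horse battery staple"], banned));
```
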

What would be interesting to know is whether Twitter got this list from somewhere else, or whether it actually analyzes which passwords were most commonly chosen by its tens of millions of users in the past, rendering them ‘too obvious’. If the latter, that means this list is probably representative of most Web services.

(Thanks to Dario Manoukian for the tip; a quick search turns up a post on The Wundercounter featuring the list too)