Pipal Trend Analysis of the Top 32 Mill. Passwords — Contains Immediately Actionable Password Advice
If a password cracker is brute forcing passwords using a pattern of eight lowercase letters followed by 2 digits then password17 is going to be guessed. Cracking software like hashcat even as the ability to use hybrid attacks that combine a dictionary and a brute force mask. If this dictionary+mask attack was using a list of the most common passwords, password17 wouldn’t stand a chance! At the number 2 most common password, it would take just 117 guesses (all 2 digit numbers appended to the №1 most common password + 17 guesses using password).