Weak Password Generator

Generate intentionally weak passwords for testing password strength validators, security awareness training and policy enforcement rules.

0 items
#

How Weak Passwords Are Categorised

Weak passwords fall into predictable patterns that attackers exploit using dictionary attacks, credential stuffing, and brute force. This generator produces examples from four commonly studied categories.

Categories

  • Dictionary — Common English words that appear in wordlists (sunshine, football, dragon). These are trivially cracked by any dictionary attack tool.
  • Common — Passwords that consistently top global breach analysis reports (123456, password, abc123). Credential stuffing tools try these first.
  • Keyboard — Patterns formed by adjacent keys on a QWERTY keyboard (qwerty, asdfghjkl, 1qaz2wsx). Visually random but completely predictable.
  • Default — Credentials shipped with devices, routers, and software out of the box (admin, root, changeme). Often left unchanged.

Each entry includes a "weakness" description explaining why the password is insecure.

Frequently Asked Questions

To test password strength validators (zxcvbn, HIBP checks, policy rules), security training demos, breach simulation exercises, and to verify that your authentication system correctly rejects commonly known passwords.

A dictionary attack tries a predefined list of words and common passwords instead of brute-forcing every combination. Modern wordlists (like RockYou) contain billions of previously leaked passwords. Dictionary-category entries here are drawn from these lists.

Yes. These password patterns are well-documented in public breach analysis reports (e.g. from NordPass, Hive Systems, NCSC). They are shared here for educational and defensive testing purposes only.

Show participants that patterns like p@ssword or 1qaz2wsx appear verbatim in wordlists and offer no real security. Contrast with output from the strong Password Generator to demonstrate the difference.

Yes. Export to CSV or JSON. Each row includes the password, its category, and a plain-English description of why it is weak.

Related Tools

Passwort-Generator

Generieren Sie starke zufällige Passwörter mit Groß- und Kleinbuchstaben, Zahlen und Symbolen für Tests und Sicherheitsanalysen.

Access Log Generator

Generate realistic fake web server access log entries in Apache Combined, Apache Common, or Nginx format for testing log parsers and analytics pipelines.

User Agent Generator

Generate realistic fake browser user agent strings covering desktop browsers, mobile browsers and bots for testing UA parsers and analytics systems.

Alle generierten Daten sind rein fiktiv und nicht zur Verwendung als echte personenbezogene Daten geeignet.