[New Data] Block These Top Keyboard Walk Patterns Found in Compromised Passwords

Keyboard Walk “Qwerty” Found in Compromised Passwords More than 1 million times

Today, the Specops research team is sharing the results of their latest findings on the use of keyboard walk patterns in compromised passwords. The release of these findings coincides with the latest addition of over 6 million compromised passwords to the Specops Breached Password Protection service, which helps organizations block the use of over 4 billion unique compromised passwords in Active Directory.

Keyboard walk password patterns are passwords comprised of keys that are located next to each other on the user’s keyboard. 

The team analyzed an 800 million password subset of the larger Breached Password Protection database to find the top keyboard walk patterns in compromised password data.

“Keyboard walk patterns are yet another predictable password behavior,” said Darren James, Senior Product Manager at Specops Software. “Users are human and are motivated to create passwords that are easy to remember. This research shows us just how common strolling along the keyboard is as a tactic for creating memorable passwords.”


The Specops research team used a common keyboard walk generator to generate keyboard walk patterns for 3 common (Latin alphabet) keyboard layouts:

 1. Qwerty. Prevalent in the America and several regions of Europe (with slight modifications).

2. Azerty. Predominantly France and Belgium.

3. Qwertz. Widely used in Germany and Central European countries

Patterns for each of these layouts were then checked for occurrences within the 800 million compromised password data subset.

To ensure our results spoke to true “keyboard walks” instead of just walks that occur in normal language, our team filtered results to only look for patterns that included 5 characters or more.


Top Qwerty keyboard walk patterns found in compromised passwords

  1. Qwerty (found over 1 million times)
  2. qwert
  3. werty
  4. asdfg
  5. tress
  6. zxcvbnm
  7. drews
  8. qwertyuiop
  9. asdfgh
  10. vbnhb

Top Azerty keyboard walk patterns found in compromised passwords

  1. xcvbn (found over 143,000 times)
  2. asdfg
  3. tress
  4. ertyuiop
  5. asdfgh
  6. azerty
  7. vbnhb
  8. eezer
  9. esert
  10. ertyu

Top Qwertz keyboard walk patterns found in compromised passwords

  1. qwert (found over 1.4 million times)
  2. asdfg
  3. xcvbnm
  4. tress
  5. trewq
  6. xcvbn
  7. drews
  8. vbnhb
  9. asdfgh
  10. aqwert

“We find keyboard walk patterns in compromised password data because users are human,” said James. “But the danger is that attackers also know this. Any IT team looking to shore up their defenses against this particular prevalent password behavior would be smart to block these specific patterns. Smarter IT teams would go further and make sure to block the use of any known compromised password.”

How to Find Compromised Passwords Like These in Your Network

Today’s update to the Breached Password Protection service includes an addition of over 2.9 million compromised passwords to the list used by Specops Password Auditor.

You can find how many of your passwords are either compromised or identical with a scan from Specops Password Auditor. Specops Password Auditor does not store Active Directory data, nor does it make any changes to Active Directory.

Decrease Your Password Reuse Risk by Blocking These Passwords 

With Specops Password Policy and Breached Password Protection, organizations can prevent the use of passwords like these and over 4 billion more known compromised passwords. These compromised passwords include ones used in real attacks today or are on known breached password lists, making it easy to comply with industry regulations such as NIST or NCSC.

Our research team’s attack monitoring data collection systems update the service daily and ensure networks are protected from real world password attacks happening right now. The Breached Password Protection service blocks these banned passwords in Active Directory with customizable end-user messaging that helps reduce calls to the service desk.

See how with a demo or free trial.

(Last updated on July 18, 2023)

Back to Blog