The OWASP project publishes its SecList software content as CC-by-SA 3.0 this page takes no position on whether the list data is subject to database copyright or public domain. This particular list originates from the OWASP SecLists Project ( ) and is copied from its content on GitHub ( ) to link it more conveniently from Wikipedia. The passwords may then be tried against any account online that can be linked to the first, to test for passwords reused on other sites. Usually passwords are not tried one-by-one against a system's secure server online instead a hacker might manage to gain access to a shadowed password file protected by a one-way encryption algorithm, then test each entry in a file like this to see whether its encrypted form matches what the server has on record. A hacker can use or generate files like this, which may readily be compiled from breaches of sites such as Ashley Madison. If your password is on this list of 10,000 most common passwords, you need a new password.