Top 10 coffee brands based on how much their names are used as passwords. Look, not every password research has to be meaningful.

When Dan Tentler stumbled upon an Instagram ad saying that you should hack your morning routine by drinking protein smoothie by Nescafé, he's tweeted that drinking a coffee or a smoothie or changing what you drink in the morning is not hacking, and he's right. But Dan has begun to wonder how many people actually use nescafe as their password, and have learned that quite a lot of them do.

Right, but how many? And what about other coffee brands? And what's the best coffee based on how often it is used as a password? Time for a silly password research 🙃

“nescafe”: Oh no – pwned! This password has been seen 7,708 times before

Pwned Passwords has the number of how many times a password has been seen in various password leaks, it also has an API, and there's a list of coffee brands on Wikipedia. So here it is…

Top 10 coffee brands

  1. georgia (57531× used as a password)
  2. jacobs (33594×)
  3. starbucks (17286×)
  4. franck (14508×)
  5. nescafe (7708×)
  6. justus (7484×)
  7. timhortons (1436×)
  8. lavazza (1388×)
  9. highpoint (1304×)
  10. folgers (1288×)

Yes, almost all of these are also something else than just a coffee. Maybe except Jihlavanka, the Czech coffee brand which is unfortunately produced elsewhere in the EU – jihlavanka has been used 63× times as a password. Anyway, Georgia is a state in the U.S., also a country at the boundary between Europe and Asia, a font, a ship, a submarine and even an asteroid (also used as a password georgia359). Georgia is also a name, just like Franck and Justus. Whether people mean the coffee brand or the submarine, we'll never know.

But there's just one hardcore fan, whose password is jitteryjoes. That's a coffee brand from Athens. The town in Georgia. The Georgia in the U.S. And I'm sorry, nobody cares about ziferblat, deathwishcoffee (“Your last wish?” – “Need a coffee! Wait, no, I'll change my password instead”) or keurigdrpepper.

Have I Been Pwned is run by Troy Hunt and even he's a password for 11 people sharing the same name. Seems that nobody uses my first name and last name as a password but mspacek has already been seen 9 times, and spacekm has been used by two users. I want to meet them. Although someone tells me that one of those two has “murder” in their email address so maybe they could just email me.

All coffee password and even the script available on GitHub. So what is hacking anyway? For example this or this.

Michal Špaček

Michal Špaček

I build web applications and I'm into web application security. I like to speak about secure development. My mission is to teach web developers how to build secure and fast web applications and why.

Public trainings

Come to my public trainings, everybody's welcome:

PHP application security
(June 2019 Praha)

HTTPS for developers and admins
(June 2019 Praha)