[jessaustin]

That many people have noted the "dragon" phenomenon as strange, but we don't yet have an explanation, is perhaps stranger yet. In early days, one could have hypothesized that some basic "how to use passwords" resource had offered "dragon" as an example of a password, but after two decades of internet it seems unlikely that something like that could have had such a large effect.

[whoopdedo]

Part of it may be where the passwords are scraped from. If "dragon" has some relevance to the field then there's a higher probability that it will be used by people working in that field. This list is a sample of passwords from compromised databases not from all databases in the world.

I wonder about the prevalence of "allsop" as a password. I came across it in a computer I was repairing last week and it shows up 159 times in this list. Is it from the acronym SOP? Or because of the company that makes mouse pads?

[userbinator]

My first thought was that there could be some connection with MMORPGs, which often feature dragons.

Or because of the company that makes mouse pads?

This is probably the case for "allsop" - there are people who will look around them for inspiration when coming up with a password, and what was written on their mousepad caught their attention.

[Raphmedia]

I have a close friend whose password is dragon. At first, I thought it was a joke, but it's true.

Those of us who were kids in the 90's had dragons everywhere. Hell, we wore shirts with dragon patterns. Dragons were cool. Dragons were our passwords.