When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

World's most common passwords remain alarmingly insecure, report finds

Neowin · with 10 comments

Security word with a black background

NordPass teamed up with the threat exposure management platform NordStellar to analyze a 2.5TB database of passwords extracted from public sources, including data leaks and malware-compromised accounts. The world's most popular passwords remain "alarmingly predictable and insecure," according to a new report.

By looking at the email addresses associated with the accounts, the researchers were able to distinguish between personal versus corporate passwords. For a second year in a row now, the password "123456" has retained its position as the most used password in the world.

Apart from "123456", several other more obvious easily-guessed passwords made it to the top 10, including "123456789," "qwerty123," "111111," and the more interesting "password."

Users give a window into what people are interested in and what they like. Sports team names such as "liverpool" in the UK and the restaurant "lizottes" in Australia appeared on the lists for those countries. The Finnish and Hungarian translations for "password" - "salasana" and "jelszo" - featured prominently in those nations.

While a small minority attempted to get a little fancier with choices such as "P@ssw0rd", these measures still proved insufficient. The researchers report that these 'safe' passwords can be cracked in less than a second.

Here are the top 10 most common passwords:

  1. 123456
  2. 123456789
  3. 12345678
  4. password
  5. qwerty123
  6. qwerty1
  7. 111111
  8. 12345
  9. secret
  10. 123123

"After analyzing 6 years of data, we can say there hasn't been much improvement in people's password habits," the NordPass team said. "So, despite many organizations trying to raise awareness, the problem is as alive as ever."

NordPass says that if your password is on this list, you should probably change it to something more creative that is also more secure, or maybe even try passkeys. A new form of authentication backed by Apple, Google and Microsoft, passkeys are a much more secure option than passwords. Rather than requiring users to create and remember complex strings of characters, they rely on biometric data or device-specific cryptographic keys to authenticate users.

Report a problem with article
Google Messages hero
Next Article

Google Messages app gets a discreet but powerful safety update

A graphical representation of Threads
Previous Article

Threads may start displaying ads as early as January 2025

Join the conversation!

Login or Sign Up to read and post a comment.

10 Comments - Add comment