Cybersecurity experts often share advice about the do’s and don’ts of passwords as a vital part of good cyber-hygiene practices. And yet, annual roundups of the most common passwords show that many of us continue to prioritize convenience over security, putting our accounts and data at risk of theft.
NordPass has just revealed the 200 most commonly used passwords on the web in 2020, showing yet again that various easy-to-guess combinations of numbers remain as popular as ever. Seven out of the top ten worst passwords were made up of various numerical combinations, with “123456”, “123456789” and “12345678” occupying the first, second and fifth places, respectively. The third spot went to “picture1”, a new addition to the list, and was followed by, well, “password”.
If that isn’t a cause for worry, then perhaps these two facts should be – the top five passwords have over 4.5 million users among them and they account for more than 38 million combined exposures in data breaches. Moreover, all of these passwords, except “picture1”, could be cracked in less than a second.
The chart is mostly made up of entries that also made it onto the lists of the most common passwords last year and the year before. But there have also been 78 new additions to the list, such as “senha” (Portuguese for “password”), “Million2” or “aaron431”. Part of that last entry is also the most popular name used as a password.
You can browse through the whole list on NordPass’s blog, but here are the 25 that topped the list this year.
Position | Password | Position in 2019 |
---|---|---|
1 | 123456 | 2 |
2 | 123456789 | 3 |
3 | picture1 | – |
4 | password | 5 |
5 | 12345678 | 6 |
6 | 111111 | 17 |
7 | 123123 | 18 |
8 | 12345 | 1 |
9 | 1234567890 | 11 |
10 | senha | – |
11 | 1234567 | 12 |
12 | qwerty | 10 |
13 | abc123 | 16 |
14 | Million2 | – |
15 | 000000 | 28 |
16 | 1234 | 15 |
17 | iloveyou | 14 |
18 | aaron431 | – |
19 | password1 | 29 |
20 | qqww1122 | – |
21 | 123 | 199 |
22 | omgpop | – |
23 | 123321 | 39 |
24 | 654321 | 36 |
25 | qwertyuiop | 22 |
Mine is on the list! What do I do?
If you use any of these choices to “secure” your accounts, then you should get straight to fixing them. First of all, consider using a unique passphrase for each of your online accounts; if done right, it will be far harder or even (effectively) impossible to crack. While you’re at it, avoid other pitfalls of password creation and use, including password recycling.
If you’re looking for a practical and convenient solution for your password woes, then a password manager could be the answer. Most reputable security products also offer some form of password management.
To complete your security review, you should also enable multi-factor authentication on all services that offer the option. And as many login credentials are stolen in data breaches these days, it also won’t hurt to sign up for a service that checks if your password has been caught up in any such incident.