When it comes to online security, a password can be the difference between protecting your sensitive information and opening the door for cybercriminals. Unfortunately, as revealed by NordPass in their annual report, many people still rely on unimaginative passwords that are easily cracked by hackers. For the second consecutive year, “123456” has topped the list of the most common passwords globally, reinforcing the idea that many users are neglecting basic security hygiene.
In the report, which analyzed over 2.5TB of publicly available data — some of it sourced from the dark web — NordPass revealed the most popular passwords that continue to be used despite widespread advice to the contrary. Here’s a breakdown of the top 10 most common passwords that should immediately be avoided:
Top 10 Most Common Passwords in 2024:
- 123456
- 123456789
- 12345678
- password
- qwerty123
- qwerty1
- 111111
- 12345
- secret
- 123123
As you can see, these passwords are short, simple, and built on patterns or easily guessable information, which makes them extremely vulnerable to brute-force attacks. Automated tools crack passwords like these in a fraction of a second. That “123456” has stayed at the top of the list for so many years is a reminder of how complacent some users are about online safety.
Why These Passwords Are Dangerous
A good password should be unpredictable and contain a mix of letters, numbers, and special characters. Simple sequences like “123456” or common phrases like “password” offer little resistance to hackers, who can easily exploit them in their attacks. Cybercriminals don’t need much to break into accounts with weak passwords — they often use sophisticated algorithms that can guess millions of combinations in seconds.
Surprising Trends and Regional Differences
While many passwords on the list are globally ubiquitous, NordPass also pointed out some intriguing regional trends. For instance, in the UK, “liverpool” appeared near the top, likely influenced by the popularity of the football team. Meanwhile, in Australia, “lizottes,” the name of a well-known music venue, made an appearance. In countries like Finland and Hungary, terms like “salasana” and “jelszo” — both of which mean “password” in their respective languages — were commonly used. These regional differences show that while people may get a little more specific, they’re still opting for passwords that are far from secure.
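
As a defender's counterpart to the lists above, here is an added example (not from NordPass or the original article) of a sign-up check that rejects the passwords named on this page and their trivial variants. The 12-character minimum, the QWERTY keyboard rows and all function names are assumptions chosen for illustration.

```python
import re

# Passwords named on this page: the 2024 top 10 plus the regional examples.
PAGE_BLOCKLIST = frozenset({
    "123456", "123456789", "12345678", "password", "qwerty123", "qwerty1",
    "111111", "12345", "secret", "123123",
    "liverpool", "lizottes", "salasana", "jelszo",
})

# Assumption: a QWERTY layout; other layouts would need their own rows.
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")


def _is_sequence(s):
    """True if s is a run along a keyboard row or the digit row, either direction."""
    return len(s) >= 4 and any(s in row or s in row[::-1] for row in KEYBOARD_ROWS)


def _is_repeated_unit(s):
    """True if s is one short unit repeated, e.g. 111111 or 123123."""
    return re.fullmatch(r"(.{1,4})\1+", s) is not None


def screen_password(candidate, min_length=12):
    """Return the reasons to reject candidate; an empty list means it passed.

    min_length=12 is an assumed policy value, not a figure from the article.
    """
    reasons = []
    norm = candidate.strip().lower()
    # Drop trailing digits and punctuation so "Password1!" still maps to "password".
    core = re.sub(r"[\d\W_]+$", "", norm)
    if norm in PAGE_BLOCKLIST or (core and core in PAGE_BLOCKLIST):
        reasons.append("on common-password list")
    if _is_sequence(norm) or _is_sequence(core):
        reasons.append("keyboard or digit sequence")
    if _is_repeated_unit(norm):
        reasons.append("repeated pattern")
    if len(candidate) < min_length:
        reasons.append("shorter than %d characters" % min_length)
    return reasons
```

A production check would load a much larger breached-password list than the 14 entries shown here; the normalization step is what keeps “Liverpool2024” from slipping past an exact-match lookup.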
What to Use Instead
If your password is on this list, it’s time to change it — and quickly. A good password should be long, complex, and unique to each account. To make your password more secure, try the following tips:
- Use a password manager: These tools can generate and store long, random passwords for each of your accounts, so you don’t have to remember them.
- Create a passphrase: Use a string of random words or a sentence that only you would understand. For example, “BlueElephant2!DancesFast” is much harder to crack than “password123.”
- Enable two-factor authentication (2FA): Even if your password is compromised, 2FA adds an extra layer of protection by requiring a second form of verification.
For the most secure option, consider adopting passkeys, which are even more resistant to hacking and phishing attempts. These use biometric or cryptographic methods to authenticate you without relying on traditional passwords.
Final Thoughts
It’s clear that many of us are still underestimating the importance of strong, unique passwords. As cyber threats continue to evolve, we must adapt our habits to protect our personal and financial information. If your password is on this list, consider it a wake-up call and make the switch to a more secure option today. After all, in the digital age, your security is only as strong as the password you use to protect it.