NordPass has released its annual Top 200 Most Common Passwords list, which serves as a reminder that, for whatever reason, many people still struggle with creating strong passwords.
The list contains the most commonly used passwords from 50 countries, as well as information on how many times the passwords are used and how long it takes to crack them.
The most popular password from the previous year, 123456, remains at the top. Over one million more United States users decided this was a good password to use in 2021.
Most of the rest are repeated, though picture1, the third most popular password in 2020, has dropped off the list. The top ten most popular passwords in the United States and worldwide are listed below.
2021 Most Popular Passwords in the United States
- 123456 – Less than one second to crack, over 3.5 million uses recorded
- Password – less than one second to crack, with over 1.7 million uses recorded
- 12345 – Cracked in less than a second, 958K+ uses counted
- 123456789 – Cracked in less than a second, 873K+ uses counted
- password1 – Cracked in less than a second, 666K+ uses counted
- abc123 – Cracked in less than a second, with over 610K uses.
- 12345678 – Less than one second to crack, with over 440K uses recorded
- qwerty – took less than a second to crack and has 382K+ uses.
- 11111 – Took less than a second to crack, with over 369K uses recorded.
- 1234567 – Cracked in less than a second, 356K+ uses counted
2021 Most Popular Passwords Across All Countries
- 123456 – Took less than a second to crack, with over 103 million uses recorded.
- 123456789 – Took less than a second to crack, with over 46 million uses.
- 12345 – Cracked in less than a second, with over 32 million uses.
- qwerty – less than one second to crack, 22 million+ uses
- password – took less than a second to crack, with over 20 million uses recorded
- 12345678 – Less than one second to crack, 14 million or more uses counted
- 111111 – Cracked in less than a second, with over 13 million uses.
- 123123 – Cracked in less than a second, with over 10 million uses.
- 1234567890 – Took less than a second to crack, with over 9.6 million uses.
- 1234567 – Cracked in less than a second, with 9.3 million uses.
Names, sporting teams (Liverpool is a popular password), automobile brands, swear words, and animals are also common passwords. Bands are also popular, with Metallica and Slipknot ranking first and second, respectively, and One Direction making a comeback after dropping off the list last year.
Best Practices for Passwords
We all know that password security is nothing new, but as we saw above, insecure passwords continue to be easy pickings for threat actors. As we near the end of the year, our cybersecurity team is sharing some best practices for creating secure passwords and policies below:
Avoid Using Poor Passwords
Have you seen the list above? Make sure your password is not on it.
Wouldn't it be nice if it were that simple? In all seriousness, strong passwords are always required. However, they are becoming increasingly scarce.
Avoiding easily guessable passwords is a good place to start when creating a secure password. Some of the worst passwords we've come across include:
- Sports Teams
- Birthdays
- Pet’s Names
- Season / Month / Year
- Address
- Regional Interests
- Variations of “Password”
- Incremented Passwords
- Reused Passwords
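A screen for several of the categories listed above, as it might run when a user sets a password. This is an added example, not part of the original article. The function names, the character-swap map and the calendar word list are assumptions for illustration, and the denylist holds only the top-ten entries shown on this page.

```python
import re
from typing import List, Optional

# Denylist: the top-ten entries from the two lists on this page. A real
# deployment would load the full list or a breached-password corpus.
COMMON = {
    "123456", "password", "12345", "123456789", "password1", "abc123",
    "12345678", "qwerty", "11111", "1234567", "111111", "123123",
    "1234567890",
}
# Constructed vocabulary for the "Season / Month / Year" category.
CALENDAR = {
    "spring", "summer", "autumn", "fall", "winter", "january", "february",
    "march", "april", "may", "june", "july", "august", "september",
    "october", "november", "december",
}
# Assumed map of common character swaps: @ 4 -> a, 3 -> e, 0 -> o, ...
LEET = str.maketrans("@4301$5!7", "aaeoissit")


def normalize(pw: str) -> str:
    """Lowercase, drop trailing digits/symbols, then undo character swaps."""
    stem = re.sub(r"[\d\W_]+$", "", pw.lower())
    return stem.translate(LEET)


def weak_reasons(pw: str, previous: Optional[str] = None) -> List[str]:
    """Return the categories from the list above that a candidate matches."""
    reasons = []
    base = normalize(pw)
    if pw.lower() in COMMON or base in COMMON:
        reasons.append("common password")
    if "password" in base:
        reasons.append("variation of 'password'")
    if base in CALENDAR:
        reasons.append("season/month/year")
    if previous is not None:
        if pw == previous:
            reasons.append("reused password")
        elif base and base == normalize(previous):
            reasons.append("incremented password")
    return reasons


if __name__ == "__main__":
    # Constructed sample candidates; the last one pairs with a previous value.
    for cand in ("123456", "P@ssw0rd2021!", "Summer2021", "lantern-ferry-walnut-orbit"):
        print(cand, weak_reasons(cand))
    print("Liverpool8", weak_reasons("Liverpool8", previous="Liverpool7"))
```

An empty result only means the candidate matched none of these categories; it is not a measure of strength.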
Create Passphrases
We advise end users to think of passwords as passphrases. Consider something only you would know, rather than password criteria such as length, numbers, and special characters. Put together a random selection of words from a personal story or memory.
Stringing several small words together can increase password complexity while meeting most length requirements. Remember that just because a password meets a site's requirements does not make it secure. It is safe if it is something that only you know.
Make Use of Password Management Software
We understand how difficult it can be to remember your passwords, especially with so many different requirements from different websites. Using password management software, which acts as a master lock for your passwords, is one way to make it easier.
Password managers not only add convenience to password security but many also assist you in creating strong passwords that meet stringent requirements. No, writing passwords on a scrap of paper and hiding it under your keyboard is not a password management solution.
Make Several Passwords
If you do not use a password manager, having unique passwords for each account is a must. When stealing a password, one of the first things threat actors do is look to see what other accounts it might crack.
Attackers will use a strategy known as credential stuffing to see how many accounts they can compromise with stolen credentials in order to increase their earning potential.
Consider how many accounts you have that use the same password and username/email address. You can probably see the potential harm of having only one password.
Update Security Questions
Security questions are frequently used to safeguard our accounts. With our digital footprints and information strewn across social media and search engines today, however, they can be easy targets for threat actors. Consider some of the most frequently asked questions and where to find the answers, such as:
- Birthday – Social media, public records
- Where did you and your spouse meet – Social media, wedding registry sites
- What high school did you go to – Social media, public record, alumni associations
- What was your first job – Social media, professional biographies
Isn't that concerning? Remember to treat the answers to these questions like passwords and to update them on a regular basis.