Hackers guessed the world’s most common password in under 1 second
14 Nov 2022
NordPass, the password management tool from the team behind NordVPN, released its list of the 200 most common passwords in 2022 — and it turns out people are still using notoriously weak passwords.
The most common password in the world this year was the infamously bad “password”, and it took hackers under one second to crack it. The same goes for the second and third most common passwords: “123456” and “123456789”, respectively.
NordPass compiled its list with the help of independent cybersecurity researchers who analysed a three terabyte database to produce their findings. The list is full of fascinating (and cautionary) info.
For instance, nearly 5 million people around the world used “password” as their password. And of the 20 most common passwords, 18 were guessed in under one second.
The most important takeaway, though? If your password is on the list, it’s time to make a change.
To ensure you’re not hacked, here’s NordPass’ 20 most common passwords in the world for this year — and what to do if yours is one of them:
- password
- 123456
- 123456789
- guest
- qwerty
- 12345678
- 111111
- 12345
- col123456
- 123123
- 1234567
- 1234
- 1234567890
- 000000
- 555555
- 666666
- 123321
- 654321
- 7777777
- 123
Bitwarden, an open-source password manager, found 31% of survey respondents experienced a data breach within the last 18 months, according to its 2022 password management survey. To avoid adding to that statistic, NordPass recommends choosing a complex password of at least 12 characters with a variety of upper and lowercase letters, symbols and numbers. A password generator is a helpful way to form these kinds of complex passwords.
You should also refrain from reusing a single password for multiple accounts, though the impulse is understandable — and common. The Bitwarden 2022 password management survey found more than 8 in 10 users reuse passwords across websites, with 49% of respondents saying they rely on memory to oversee their passwords. In addition, NordPass recommends routinely checking what accounts you’re actually using. Unused accounts are an online security risk, since a breach could go unnoticed.
Finally, you should regularly check the password strength of your existing passwords and update them with fresh and complicated ones. Even if you’re not using “password” as a password, your cybersecurity efforts could probably use an upgrade.
Contact Cyber Security Company LoughTec for a free no-obligation discussion on your business cyber security posture. Call +44 (0) 28 8225 2445 or email info@loughtec.com.