Hackers guessed the world’s most common password in under 1 second

Hackers guessed the world's most common password in under 1 second - blog

Make sure yours isn't on the list

NordPass, the password management tool from the team behind NordVPN, released its list of the 200 most common passwords in 2022 — and it turns out people are still using notoriously weak passwords.

The most common password in the world this year was the infamously bad “password”, and it took hackers under one second to crack it. The same goes for the second and third most common passwords: “123456” and “123456789”, respectively.

NordPass compiled its list with the help of independent cybersecurity researchers who analyzed a three terabyte database to produce their findings.

NordPass compiled its list with the help of independent cybersecurity researchers who analysed a three terabyte database to produce their findings. The list is full of fascinating (and cautionary) info.

For instance, nearly 5 million people around the world used “password” as their password. And of the 20 most common passwords, 18 were guessed in under one second.

The most important takeaway, though? If your password is on the list, it’s time to make a change.

To ensure you’re not hacked, here’s NordPass’ 20 most common passwords in the world for this year — and what to do if yours is one of them:

  1. password
  2. 123456
  3. 123456789
  4. guest
  5. qwerty
  6. 12345678
  7. 111111
  8. 12345
  9. col123456
  10. 123123
  11. 1234567
  12. 1234
  13. 1234567890
  14. 000000
  15. 555555
  16. 666666
  17. 123321
  18. 654321
  19. 7777777
  20. 123


Bitwarden, an open-source password manager, found 31% of survey respondents experienced a data breach within the last 18 months, according to its 2022 password management survey. To avoid adding to that statistic, NordPass recommends choosing a complex password of at least 12 characters with a variety of upper and lowercase letters, symbols and numbers. A password generator is a helpful way to form these kinds of complex passwords.

You should also refrain from reusing a single password for multiple accounts, though the impulse is understandable — and common. The Bitwarden 2022 password management survey found more than 8 in 10 users reuse passwords across websites, with 49% of respondents saying they rely on memory to oversee their passwords. In addition, NordPass recommends routinely checking what accounts you’re actually using. Unused accounts are an online security risk, since a breach could go unnoticed.

Finally, you should regularly check the password strength of your existing passwords and update them with fresh and complicated ones. Even if you’re not using “password” as a password, your cybersecurity efforts could probably use an upgrade.

Contact Cyber Security Company LoughTec for a free no-obligation discussion on your business cyber security posture. Call +44 (0) 28 8225 2445 or email info@loughtec.com.


LoughTec: Watertight Cyber Security and IT Solutions