Passwords: '123456' and 'password' are still among the most popular

Will we EVER learn? ‘123456’ and ‘password’ are still among the most popular passwords in the world – while many users continue to use their own name, report reveals

  • The annual NordPass Most Common Passwords report revealed common trends
  • It found that people are still using very simple and easy to guess passwords 
  • Including ‘123456’, ‘password’ and ‘qwerty’ which can be cracked in a second 
  • There were local and gender differences including sports teams as passwords 

It’s something that we’re all regularly warned about, but it seems that many people are still using passwords that are very easy to guess. 

New research has revealed that phrases including ‘123456’, ‘qwerty’ and ‘password’ are still among the most popular passwords used around the world. 

NordPass has released its annual Most Common Passwords report, finding passwords vary greatly in different locations and between different genders.

Amazingly, the report shows that many users are still using the own names as their passwords, while sports teams, car brands and band names are also wildly popular.  

Speaking to MailOnline, Jake Moore, a cyber security expert from ESET, explained this research shows that people still aren’t understanding the risks involved in using a weak password.

He recommends people use a password manager that can set different passwords for each site they visit without them having to remember the details. 

People are still using the same easy to crack passwords, according to a new study, with the most popular ‘123456’, ‘qwerty’ and ‘password’ among the most popular


In the report, NordPass sifted through a whopping 4TB of data, compiled in partnership with independent researchers.  

This revealed that 123456 is the most common password globally, and is used by an estimated 103,170,552 users. 

123456789 and 12345 are the second and third most popular, with 46,027,530 and 32,955,431 respectively. 

Other popular passwords in the top 10 list included qwerty, password and 111111. 

References to drinks, football clubs and other cultural icons of an area were also commonly used as passwords. 

‘Colocolo’ is commonly used in Chile, ‘nacional’ in Brazil, ‘sparta’ in the Czech Republic, ‘marseille’ in France, and  ‘schalke04’ in Germany.

While not necessarily easy to crack, they could be easy for someone to guess if they know the person lives in or around that football club.

Famous local beverage names, such as ‘guinness’ in Ireland, and religious passwords like ‘christ’ in Nigeria, ‘bismillah’ in Saudi Arabia, are also commonly used and easily guessed.

The findings show that, for a hacker, knowing someones location and gender can aid in cracking a password, as there are common traits.

For example, they found that overall, women used more positive and loving words, such as ‘sunshine’ or ‘iloveyou’.  

Meanwhile, men tend to use more sports, especially football-related passwords. In some countries, men also used more swear words than women. 

Common entertainment terms, including pokemon, superman, blink182, starwars and batman also feature in the list, as do foods like chocolate, cookie and pepper. 

NordPass CEO Jonas Karklys, said passwords keep getting weaker and people don’t maintain proper ‘password hygiene’.

Researchers also devised a risk index, which sorts countries into three risk tiers: low, average, and high. The index has been devised according to the number of passwords leaked per capita, with Russia, the US and Australia among the worst for password leaks

‘It’s important to understand that passwords are the gateway to our digital lives, and with us spending more and more time online, it’s becoming enormously important to take better care of our cybersecurity,’ he said.  

In India and Japan, the top password was the word ‘password’, while in Indonesia, Portugal, Spain and Thailand it was ‘12345’. 

Brits used ‘123456’ most commonly, although football teams also played a major role – with two versions of ‘liverpool’ and ‘arsenal’ in the UK top ten.

There were many similarities among countries, NordPass discovered, with easy number combinations, such as the winning ‘123456’, popular worldwide


‘Qwerty’, or the localised versions, such as ‘azerty’ in French-speaking countries, or  ‘qwertz’ in German, were also popular in all the analysed countries. 

The most commonly used number combinations start with ‘123456’ and go up to 8 or 9, and sometimes add a zero on the end. 

Other common passwords are repetitions of the same number, such as 111111 or 00000000, NordPass discovered. 

Random letters were one of the most common categories of ‘common passwords,’ they found, with abc123 and qqww1122 topping the list, followed by 123456a and a123456. 

Researchers also devised a risk index, which sorts countries into three risk tiers: low, average, and high. 

The index has been devised according to the number of passwords leaked per capita, with Russia, the US and Australia among the worst for password leaks.

The UK was among the top with 2.78 leaks per capita, whereas Russia had 19.9 leaks per capita and China at 0.191.

Jake Moore, cyber security expert from ESET, said the use of such simple passwords suggests people are not understanding the risk involved.

‘By not using unique passwords it weakens your account and it could very easily be compromised,’ he explained. 

‘Hacking software is very easily accessible on the internet and even free software will be able to bypass any of these most used passwords in seconds. 

Women were more likely to use ‘friendly’ words and phrases like ‘iloveyou’ than men, and certain spots came out top in some areas over others, such as Hockey in Canada

‘It is therefore vital that people ensure that their online accounts are secured by a long complex password doubled up with the use of two-factor authentication (2FA).

‘Furthermore, using a password manager means you don’t have to remember the ridiculous amount of passwords we all now possess too. 

‘You no longer have to use the same password everywhere, or use memorable facts such as your dog’s name, or your kid’s birthday. 

‘Since the password manager takes care of the remembering part, every password can be a long and totally random string of characters.’

Modern web browsers come with a simple password manager built in, and Google Chrome will alert you if you enter a password that appears on a ‘hacked’ list. 

Source: Read Full Article