There are significant security risks tied to poorly chosen passwords, as highlighted by a new report from NordPass. The research, analyzing a 2.5-terabyte database involving passwords from various publicly available resources and the dark web, reveals the most common passwords in 2024. The findings emphasize that many users tend to rely on simple, easy-to-remember passwords, making them easy targets for cybercriminals.
The study, which encompassed data from 44 countries, identified the 15 most frequently used and easily crackable passwords. Topping the list is “123456,” with a staggering usage count of 3,018,050 and an estimated cracking time of less than one second. Other prevalent passwords include “123456789” (1,625,135 uses), “12345678” (884,740), and “password” (692,638). The complete list reveals alarming trends in password choice, showing a troubling technological complacency among users.
Common passwords and their risks
Here is a complete rundown of the 15 most common passwords and their respective statistics:
1. 123456 – <1 second to crack, used 3,018,050 times
2. 123456789 – <1 second, 1,625,135
3. 12345678 – <1 second, 884,740
4. password – <1 second, 692,638
5. qwerty123 – <1 second, 642,638
6. qwerty1 – <1 second, 583,630
7. 111111 – <1 second, 459,730
8. 12345 – <1 second, 395,573
9. secret – <1 second, 363,491
10. 123123 – <1 second, 351,576
11. 1234567890 – <1 second, 324,349
12. 1234567 – <1 second, 307,719
13. 000000 – <1 second, 250,043
14. qwerty – <1 second, 244,879
15. abc123 – <1 second, 217,230
The analysis sheds light on an alarming pattern: many users gravitate toward overly simplistic passwords, increasing their vulnerability. Notably, passwords such as “football” (59,656 instances) and “princess” should be avoided because they are low in complexity and easy to guess. Even less conspicuous terms, like “f-ckyou,” stood out with over 50,000 instances of use and a similarly rapid cracking time.
To bolster security, NordPass advises users to create passwords that are at least 20 characters long and include a mix of upper and lowercase letters, numbers, and symbols. Avoiding conventional words or easily guessable personal information can significantly enhance one’s password strength.
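A signup or password-change form can enforce this advice before a weak password is ever stored. The following is an added example, not NordPass code: it rejects the 15 listed passwords and goes beyond the list to catch the patterns they share (counting runs, keyboard rows, repeated characters). The `WALKS` sequences, the 4-character run threshold and the repeat ratio are assumptions chosen for illustration.

```python
import string

# The 15 most common passwords listed in the article, used as a blocklist.
COMMON = {
    "123456", "123456789", "12345678", "password", "qwerty123", "qwerty1",
    "111111", "12345", "secret", "123123", "1234567890", "1234567",
    "000000", "qwerty", "abc123",
}
# Assumption: sequences whose substrings count as guessable "walks".
WALKS = ("01234567890", "abcdefghijklmnopqrstuvwxyz",
         "qwertyuiop", "asdfghjkl", "zxcvbnm")
MIN_LENGTH = 20   # NordPass's recommended minimum length
MAX_WALK = 3      # assumption: runs of 4+ sequence characters are rejected
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def longest_walk(pw: str) -> int:
    """Length of the longest substring that follows one of the WALKS."""
    low, best = pw.lower(), 0
    for i in range(len(low)):
        j = i + 1
        while j <= len(low) and any(low[i:j] in seq for seq in WALKS):
            j += 1
        best = max(best, j - 1 - i)
    return best


def screen(pw: str) -> list[str]:
    """Return the reasons a candidate password is rejected (empty = accepted)."""
    issues = []
    if pw.lower() in COMMON:
        issues.append("on the common-password list")
    if len(pw) < MIN_LENGTH:
        issues.append("shorter than 20 characters")
    if not all(any(c in cls for c in pw) for cls in CLASSES):
        issues.append("missing a character class")
    if longest_walk(pw) > MAX_WALK:
        issues.append("contains a keyboard or counting sequence")
    if len(set(pw.lower())) < len(pw) / 2:   # assumption: repeat ratio
        issues.append("mostly repeated characters")
    return issues


if __name__ == "__main__":
    # Constructed sample inputs; the last one is a made-up strong candidate.
    for candidate in ("123456", "Qwerty123", "000000", "Tq7#vLm2!Zr9@Kx4$Hb6"):
        print(f"{candidate!r}: {screen(candidate) or 'accepted'}")
```

In production the blocklist would be a much larger breached-password corpus; the 15 entries here are only the ones the article names.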
The case for passkeys
Increasingly, passkeys are becoming a more user-friendly alternative for account security. Unlike traditional passwords, which are prone to being forgotten or vulnerable to breaches, passkeys utilize biometric verification methods like fingerprints or face scans, along with a mobile PIN. Google emphasizes that this method keeps track of lengthy passwords effectively while enhancing security.
As data breaches continue to make headlines, the importance of adopting robust security measures cannot be overstated. Users are encouraged to transition to more secure password practices and consider passkeys as a viable solution to help safeguard their personal information.
NordPass’s findings on the most commonly used passwords illustrate critical weaknesses in user security habits. With many passwords taking mere seconds to crack, it is essential for individuals to rethink their approach to password creation and management. By adopting longer, more complex passwords and considering the use of passkeys, users can better protect their sensitive data from potential threats.
Featured image credit: Matthias Heyde/Unsplash