Top 200 Most Common Passwords worldwide in 2024

[Becassine]

Source : https://nordpass.com/most-common-passwords-list/

It’s our sixth year—this time, in collaboration with NordStellar—analyzing people’s password habits, and guess what? They're still really bad.

And we're not just talking about personal passwords here. This time, we also put together a list of the most common corporate passwords to see how they compare to those used in everyday life.

So, check out all the dishonorable winners on both lists and learn what the latest trends are.

Many beginners fall victim to hacking due to weak passwords and, of course, the lack of two-factor authentication. To get an overview of this persistent issue, it's insightful to look at the global ranking of commonly used passwords; you can also consult statistics specific to your country. This information is also valuable when considering the selection of a passphrase (which, for convenience, we might call the 25th word). Finding a reliable yet easy-to-remember password isn't easy. What are your tips for achieving this?

[Felicity_Tide]

Finding a reliable yet easy-to-remember password isn't easy. What are your tips for achieving this?

That's where the whole problem lies.
Most users prioritize passwords that are short and are easy to remember, than passwords that are quite complex and secure. And that's why few web applications that genuinely value the security of their users will either add a two-factor authentication, or will specify that their users follow a specific order while creating a password, such as,
Using more than 8 characters, uppercase and lower case letters, numbers, and symbols. Though, following such patterns can be really frustrating for some people, especially does that don't understand how important password security is.

And from the list of most common passwords, the "123456789" is quite common. I think I have connected to few routers using that particular numbering order. But to answer the question above, finding a reliable password is never a big deal, but remembering them always been. So, my only suggestion is that users should just write down the password and keep them in a safe location. Of course there are those that can memorize, but it is advisable to write down.

[Son Of Blockchain (SOB)]

Source : https://nordpass.com/most-common-passwords-list/

It’s our sixth year—this time, in collaboration with NordStellar—analyzing people’s password habits, and guess what? They're still really bad.

And we're not just talking about personal passwords here. This time, we also put together a list of the most common corporate passwords to see how they compare to those used in everyday life.

So, check out all the dishonorable winners on both lists and learn what the latest trends are.

Many beginners fall victim to hacking due to weak passwords and, of course, the lack of two-factor authentication. To get an overview of this persistent issue, it's insightful to look at the global ranking of commonly used passwords; you can also consult statistics specific to your country. This information is also valuable when considering the selection of a passphrase (which, for convenience, we might call the 25th word). Finding a reliable yet easy-to-remember password isn't easy. What are your tips for achieving this?

Wow, those passwords are extremely weak, people don't seems to understand what a password is all about, it's just like a lock securing one's building or apartment and if the lock is not strong enough could be easily penetrated by burglars. People who don't use a very strong password are making it more easier for hackers to penetrate, like why would someone even use 111111, 123456 or even the word "password" as an Internet security lock.
 That's why it's very good to pay attention to details, most sites would indicate the use of alphabets, numbers then symbols and the first letter should be uppercase then the rest lower and the characters should be a least 8 to 24, to ensure a stronger security but some people are ignorant or should say stubborn when it comes to paying attention to details, they're making themselves vulnerable to hackers.

[Alpha Marine]

I've never been the best regarding passwords, but even when I was still a kid who had just started having Facebook and other online accounts, I never used passwords as weak as those on that site. I try to make my passwords as complicated as possible in my own way.

Finding a reliable yet easy-to-remember password isn't easy. What are your tips for achieving this?

These days I rely more on 2FA for my protection because like I said, I'm not too good at passwords. That doesn't mean my passwords as shallow. I try to use things not related to me that I can remember.  Luckily for us, these days, most secure accounts we create require us to have certain characters and numbers in our passwords to make them more secure.
Also, most times there's a way of retrieving your account through an email or phone number so I don't get scared of using hard passwords anymore as long there's a guaranteed way of gaining access to my online accounts if I lose my passwords. 

[OcTradism]

Passwords are one of most important contributors to secure your devices and accounts.

Firstly, your discussion is similar to this.
Are your passwords in the green?

Secondly, there are some advices.
Crypto security: Passwords and Authentication (Livestream -aantonop)
[GUIDE] How to Create a Strong/Secure Password
Password Spray Attack vs Brute Force Attack
passwordstore an open source password manager

[ABCbits]

It's been more than 11 years since OWASP released top 10 million common password[1], but password like "123456" and "password" are still on top position. Although i'm curious whether Nord only include data from past year or include all data they could fund.

What are your tips for achieving this?

Use good password manager, with built-in password generation feature.

[1] https://github.com/danielmiessler/SecLists/tree/f50231d90afeff9738d34d3041381ec44b6b202e/Passwords

[btcltcdigger]

Ah, the age old password controversy. But as stated, good password manager is the key. OR if you don't trust those, 2fa.
But in any case, we've all at some point used passwords similar to 123456, everyone is to blame. Especially for 1off sites and services where you don't plan to return

[Salahmu]

And from the list of most common passwords, the "123456789" is quite common. I think I have connected to few routers using that particular numbering order.

This kind of password is very common, especially to someone who is not much familiar with password system so they just use it for easy remembrance, some can even make it a bit shorter by using 12345678, though I think a lot of platform has upgraded their password system where they disallowed any password they found very easy for a third party to attempt, though most platform usually recommend password for the first time but I don't think is good to use such generated password because unless you keep it somewhere safe you may not be able to memorize it the way you would do with the one you come up yourself.

[Majestic-milf]

Finding a reliable yet easy-to-remember password isn't easy. What are your tips for achieving this?

That's where the whole problem lies.
Most users prioritize passwords that are short and are easy to remember, than passwords that are quite complex and secure. And that's why few web applications that genuinely value the security of their users will either add a two-factor authentication, or will specify that their users follow a specific order while creating a password, such as,
Using more than 8 characters, uppercase and lower case letters, numbers, and symbols. Though, following such patterns can be really frustrating for some people, especially does that don't understand how important password security is.

And from the list of most common passwords, the "123456789" is quite common. I think I have connected to few routers using that particular numbering order. But to answer the question above, finding a reliable password is never a big deal, but remembering them always been. So, my only suggestion is that users should just write down the password and keep them in a safe location. Of course there are those that can memorize, but it is advisable to write down.

You make a fine point here and I have to be honest, I tend to go for passwords that are easy to remember but these days, it's easier with Google helping to save passwords using the Google manager so you can remember them especially those complex ones.
 There are individuals who find it hard to come up with complex passwords and as such, these webs as you've mentioned sometimes help to generate passwords for you as well to ensure a better security for your details than the common 1234... Or the birthday dates some use.

[ultrloa]

And from the list of most common passwords, the "123456789" is quite common. I think I have connected to few routers using that particular numbering order.

This kind of password is very common, especially to someone who is not much familiar with password system so they just use it for easy remembrance, some can even make it a bit shorter by using 12345678, though I think a lot of platform has upgraded their password system where they disallowed any password they found very easy for a third party to attempt, though most platform usually recommend password for the first time but I don't think is good to use such generated password because unless you keep it somewhere safe you may not be able to memorize it the way you would do with the one you come up yourself.

Also for people who's not really aware about the huge risk on what they are doing that's why people need to be educated towards how they make their online credentials and other important details safe.

To bad that other learn this on hard way which they experience first a heavy hacking before doing a counteraction on those situation happened those them. Right now we are in digital era and everything are in online and better for people to know how important to create a strong password. Also the site where they register their accounts have this precaution that's why they should follow and don't be so lazy for setting up their password since their security is at huge risk if they play fool around.

[Justbillywitt]

When it comes to password, people should take it very serious. Anyone who has your password has gotten access to most of the important things in your life. You don't take because you want to use a password you can be remembered easily and cause yourself harm, or exposed yourself to potential risk. Generating a strong password is not something that should be hard, for someone to come up with, if truly you understand the importance of strong password and you value your privacy. It doesn't make any sense to use any passwords that you know can easily be guessed by others. It's better to use a strong password and forget it, than to use a password that others can easily access. If you forget your password, you can easily recover it by doing forgotten password and you will be given opportunity to recover it. Provided you have access to the registered email address or mobile number used during registration process.

[Becassine]

As far as password managers are concerned, the lastpass hack in 2022 is undoubtedly a painful reminder that a strong password is essential (because if the master password was very strong, data hacking was more difficult)

It even seems that some users didn't learn their lesson and left their seed stored online.

https://www.theblock.co/post/331118/lastpass-threat-actor-drains-5-4-million-in-crypto-from-over-40-victim-addresses-zachxbt

2023 :

This theft of sensitive customer data from LastPass had already led to two batches of cryptocurrency hacks, which ZachXBT identified—one in October 2023, which stole $4.4 million and another in February this year, which resulted in losses of over $6.2 million.

2024 :

This week, LastPass breach linked to $5.4 million crypto theft, CoinLurker malware steals data via fake updates, cryptocurrency key to 27 million euro seizure and nearly 800 arrested in Nigerian crypto-romance scam.

Hackers linked to the 2022 LastPass breach stole $5.4 million in cryptocurrency from over 40 wallet addresses, said blockchain analyst ZachXBT.

The attackers swapped stolen funds for Ethereum, then converted them to Bitcoin via instant exchanges. This marks the third wave of cryptocurrency theft tied to the breach, following $4.4 million stolen in October 2023 and $6.2 million in February.

Source : https://www.bankinfosecurity.com/crypto-roundup-lastpass-breach-linked-to-54m-crypto-theft-a-27109

On the other hand on the fact that you can easily retrieve your password from your e-mail, which may itself be under surveillance, is probably not a good idea.

(I'd like to take this opportunity to remind beginners that they can test their e-mail address here: https://haveibeenpwned.com/)

[albon]

As far as password managers are concerned, the lastpass hack in 2022 is undoubtedly a painful reminder that a strong password is essential (because if the master password was very strong, data hacking was more difficult)

It even seems that some users didn't learn their lesson and left their seed stored online.

For me, I do not prefer any password manager programs at all.

Indeed, LastPass was one of the oldest and most well-known programs for saving and storing users’ passwords. After it was hacked and this massive amount of digital assets and users’ wallets were stolen due to the decryption of weak and easily guessed passwords, this served as a lesson urging everyone to use strong passwords, which I see as using words and sentences, as they are stronger than using numbers.

It also urges any beginner not to save their seed phrases online but rather keep them offline for better security.

On the other hand on the fact that you can easily retrieve your password from your e-mail, which may itself be under surveillance, is probably not a good idea.

(I'd like to take this opportunity to remind beginners that they can test their e-mail address here: https://haveibeenpwned.com/)

That's right! If the email is already compromised, then there's no point in recovering the password.

Therefore, beginners should not rely on this option. Instead, they can store their passwords securely in a notebook or any other safe method.

Indeed, the website you mentioned is very good, and I have been using it for years... it’s even in my bookmarks.

[aioc]

That's right! If the email is already compromised, then there's no point in recovering the password.

Therefore, beginners should not rely on this option. Instead, they can store their passwords securely in a notebook or any other safe method.

The email is the most important platform, so it should be the most secured. Creating a strong password and using a 2FA authenticator or email verification and passkey should be utilized, which is why an email like Gmail keeps reminding its users to secure their email by utilizing all the available verification.
I'm also using a notebook, and the email provided authentication because hackers are good, so you must be outwitting them.

[Asuspawer09]

I guess in the end this was just a problem for the users, not having a secure password probably could be laziness probably? I mean writing it in a notebook maybe? putting it on your smartphone or any kind of form or storable just to have some kind of backup in case you forgot about the password. I think we are just too lazy to do the extra work so we just end up on getting the easiest work or numbers to remember which obviously going to compromise security.

I mean i can't believe that anyone is going to use 123456 as a password in some cases imagine if it contains funds or a password to your bank account they could easily access your money probably first try if they try to access your account with some random password. I dont really know but it might be easy to force open this kind of password, I would always suggest to have the safe password with uppercase, letters, numbers etc.

when you check this kind of password here:

https://www.security.org/how-secure-is-my-password/

it say that this password is gonna instantly be crack. So if a hacker is going to crack your password they could easily crack it.

We have a great topic here how to create a strong password:

How to Create a Strong/Secure Password

[joniboini]

As far as password managers are concerned, the lastpass hack in 2022 is undoubtedly a painful reminder that a strong password is essential (because if the master password was very strong, data hacking was more difficult)

The biggest lesson was that we should not rely on a third party to store and manage our passwords, especially when they've been hacked multiple times in the past. I was one of their users and decided to move on to an open-source alternative like KeePass. It can be a bit of a hassle to manually back up my database but that's much better than relying and hoping that LastPass won't get hacked. There are many open-source alternatives too, just take a little time to learn how they work.