It’s 2024, and guess what? Many of us are still using “123456” as our password. If that makes you wince, you’re not alone. NordPass has just released its sixth annual study on the 200 most common passwords worldwide, and the findings highlight a troubling trend: we’re still pretty careless when it comes to digital security.
Familiar Failures at the Top
For six years running, NordPass has examined the world’s password habits, and the results aren’t encouraging. Despite widespread advice on creating strong passwords, the top entries on the list haven’t changed much. Once again, “123456” takes the dubious honor of the most popular password, followed by similarly weak entries like “password” and “123456789.”
NordPass summarized the situation bluntly: “After analyzing 6 years’ worth of data, we can say there hasn’t been much improvement in people’s password habits.”
How the Study Was Conducted
This year, NordPass collaborated with NordStellar to analyze a massive 2.5TB database of passwords gathered from publicly available sources, including data leaks and malware breaches. The study encompassed users from 44 countries, shining a spotlight on global and regional password trends.
The Global Top 10 Passwords of 2024
Here are the top 10 most commonly used passwords worldwide—and they’re as predictable as ever:
1. 123456
2. 123456789
3. 12345678
4. password
5. qwerty123
6. qwerty1
7. 111111
8. 12345
9. secret
10. 123123
NordPass estimates it would take a hacker less than one second to crack each of these. In fact, “123456” has dominated the top spot for five of the past six years.
U.S. Password Trends
While the global list leans heavily on numeric combinations (likely due to their universal appeal), the U.S. has a slightly different set of offenders, favoring English-based terms. The most common passwords in the U.S. for 2024 are:
1. secret
2. 123456
3. password
4. qwerty123
5. qwerty1
6. 123456789
7. password1
8. 12345678
9. 12345
10. abc123
Spoiler alert: these are no harder to crack.
Corporate Passwords: A Breach Waiting to Happen
The picture isn’t much better when it comes to workplace accounts. Despite countless hours of mandatory cybersecurity training, many employees are still using passwords like “password” or “123456” for corporate logins.
Here are the top 10 most popular corporate passwords globally in 2024:
1. 123456
2. 123456789
3. 12345678
4. secret
5. password
6. qwerty123
7. qwerty1
8. 111111
9. 123123
10. 1234567890
The U.S. corporate list shows similar patterns but includes an outlier: “aaron431.” This password has baffled researchers for years, as it appears across various industries. Some speculate it’s a default password for a popular software program that users never bother to change. While it would take hackers about five minutes to crack “aaron431,” that’s still a far cry from secure.
What Can You Do to Protect Yourself?
If any of these passwords look familiar, it’s time for a serious update. Weak passwords are essentially an open invitation for cybercriminals. To better protect your accounts:
1. Use a Password Manager: These tools generate and store strong, unique passwords for each account, reducing the risk of breaches.
2. Go Long and Complex: Aim for passwords that are at least 12 characters long, combining upper- and lower-case letters, numbers, and symbols.
3. Avoid Reusing Passwords: Each account should have its own unique password.
4. Enable Multi-Factor Authentication (MFA): Even if someone guesses your password, MFA adds an extra layer of security.
The digital world isn’t getting any safer, but with the right tools and habits, you can stay one step ahead of cybercriminals. So, ditch “123456” and invest in your online security—it’s worth the effort.