
200 Most Common Passwords – 2024

NordPass has released the latest issue (the sixth version) of its Top 200 Most Common Passwords list. Jim Hillier reported on the list way back in 2020. Not much has changed. Weak passwords still top the list.

Methodology

NordPass compiled the list with NordStellar, a threat exposure management platform owned by NordPass’s corporate parent Nord Security. They reviewed and analyzed a 2.5TB database extracted from various publicly available sources, including those on the dark web, from 44 countries. They analyzed passwords stolen by malware or exposed in data leaks. In most cases, they were leaked with email addresses.

Since they had the domain name, they had the information to distinguish between corporate and personal credentials. Therefore, the worst corporate passwords are new in this sixth version of the list.

Personal

Here are the top 20 most popular personal passwords of 2024:

Rank  Password    Time to crack  Count
1     123456      < 1 second     3,018,050
2     123456789   < 1 second     1,625,135
3     12345678    < 1 second       884,740
4     password    < 1 second       692,151
5     qwerty123   < 1 second       642,638
6     qwerty1     < 1 second       583,630
7     111111      < 1 second       459,730
8     12345       < 1 second       395,573
9     secret      < 1 second       363,491
10    123123      < 1 second       351,576
11    1234567890  < 1 second       324,349
12    1234567890  < 1 second       324,349
13    1234567     < 1 second       307,719
14    000000      < 1 second       250,043
15    qwerty      < 1 second       244,879
16    abc123      < 1 second       217,230
17    password1   < 1 second       211,932
18    iloveyou    < 1 second       197,880
19    111111      < 1 second       195,237
20    dragon      < 1 second       144,670

(Note: 11 & 12 are the same, probably an error.)

Sequential number passwords remain very popular, with “123456” topping the list. Eleven out of the top twenty most used passwords consist of various numerical combinations. The top five most common passwords have over 6.8 million users. Of the top twenty most used passwords, all take under a second to crack.

Corporate

Here are the top 20 most popular corporate passwords of 2024:

Rank  Password    Time to crack  Count
1     123456      < 1 second     1,233,447
2     123456789   < 1 second       693,611
3     12345678    < 1 second       365,724
4     secret      < 1 second       339,202
5     password    < 1 second       196,477
6     qwerty123   < 1 second       144,238
7     qwerty1     < 1 second       137,903
8     111111      < 1 second       106,328
9     123123      < 1 second       102,207
10    1234567890  < 1 second        92,998
11    qwerty      < 1 second        91,862
12    1234567     < 1 second        86,162
13    11111111    < 1 second        80,114
14    abc123      < 1 second        57,907
15    iloveyou    < 1 second        53,803
16    123123123   < 1 second        51,101
17    000000      < 1 second        46,185
18    0000000     < 1 second        45,376
19    a123456     < 1 second        42,194
20    password1   < 1 second        41,427

The most common corporate passwords are nearly identical to the most common personal passwords. I found this list interesting since I would expect most corporations to have rules against allowing passwords this weak.
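One way to express the kind of rule mentioned above, as an added example (not code from NordPass or this site): a screening function for a password-change form that rejects the passwords in the two tables on this page and the patterns they share. The 12-character minimum and the function names are assumptions chosen for illustration.

```python
import re

# Passwords from the two top-20 tables on this page, deduplicated.
COMMON = {
    "123456", "123456789", "12345678", "password", "qwerty123", "qwerty1",
    "111111", "12345", "secret", "123123", "1234567890", "1234567",
    "000000", "qwerty", "abc123", "password1", "iloveyou", "dragon",
    "11111111", "123123123", "0000000", "a123456",
}
# Runs that sequential and keyboard-walk passwords are cut from.
RUNS = ("01234567890", "abcdefghijklmnopqrstuvwxyz",
        "qwertyuiop", "asdfghjkl", "zxcvbnm")
MIN_LENGTH = 12  # assumption: illustrative policy value, not from the page


def is_run(s):
    """True if s (4+ chars) is a forward or backward slice of a known run."""
    return len(s) >= 4 and any(s in r or s in r[::-1] for r in RUNS)


def screen(password):
    """Return the reasons a candidate password is rejected ([] = accepted)."""
    reasons = []
    p = password.lower()
    # "Secret2024!" is still "secret": drop trailing digits and symbols.
    base = re.sub(r"[\d\W_]+$", "", p)
    if len(password) < MIN_LENGTH:
        reasons.append("too short")
    if p in COMMON or base in COMMON:
        reasons.append("common password")
    if is_run(p) or is_run(base):
        reasons.append("sequential or keyboard run")
    if re.fullmatch(r"(.+?)\1+", p):  # 111111, 123123, 123123123
        reasons.append("repeated pattern")
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ("123456", "123123123", "Secret2024!", "Qwerty123",
                      "correct-horse-battery-staple"):
        print(f"{candidate!r}: {screen(candidate) or 'accepted'}")
```

Checking the stripped base as well as the full string is what catches variants such as a listed word with a year and a symbol appended.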

An Interesting Finding

“123456” has been in the number 1 or number 2 spot every year throughout the lifetime of this study as the world’s worst password.

Jim’s 2020 Advice

What Jim said in 2020 is still true today. First, ALWAYS use strong passwords. Second, NEVER use duplicate passwords for accounts that contain sensitive information such as banking, credit cards, etc.

Best Practices

A password manager is an essential part of internet security. Password managers allow users to have strong and unique passwords for every site they visit on the internet. Two good cloud-based password managers are Bitwarden and 1Password. I currently have a subscription to 1Password but have used the premium Bitwarden in the past. Jim Hillier recommends Bitwarden’s free version if you do not need the premium features. If you prefer a password manager with local credential storage, the DCT-recommended KeePass is an excellent choice – I used it for years before switching to cloud-based password managers.

It is also important to have a strong password to protect this password manager. See my Ultimate Guide To Create A Master Password – Part 1 and Part 2 on how to do this.

If you ignore our advice to use a password manager, at least create better passwords than those that are on this list. You will not be as secure as if you use a password manager, but you will be more secure than most. See Jim Hillier’s Creating Strong But Easily Remembered Passwords.
