200 Worst Passwords – 2020 Edition

It never ceases to amaze me that, despite many warnings over many years to the contrary, people continue to use weak and easily guessable passwords. NordPass, in conjunction with a top security firm, has recently published its list of the 200 most commonly used passwords for 2020 and, with the same old terrible passwords still topping the list, it seems people just aren’t listening.

Top Ten Worst Passwords
(Credit: NordPass)

Sequential number passwords remain very popular with “123456” topping the list, and even adding three more numbers to the sequential order (“123456789”) does not strengthen the password one iota. Seven out of the top ten most used passwords consist of various numerical combinations and, if that isn’t a cause for concern, then perhaps these two facts might be:

  1. The top five most common passwords have over 4.5 million users altogether and account for more than 38 million combined exposures in data breaches
  2. Of the top nine most used passwords, all except “picture1” (which is a new addition to the list), can be cracked in under one second. And the tenth in just 10 seconds

I find these statistics very difficult to fathom. After all, passwords represent a user’s security door and, if that door is left ajar, they may as well not have a door at all. Here at DCT, along with many other tech sites, we are continually advising people to use a good password manager or showing people how to create strong yet easily remembered passwords. Neither system is difficult to implement yet the statistics clearly show that people would rather run the very real risk of using weak passwords than make the effort.

Once More for Good Luck:

  1. ALWAYS use strong passwords
  2. NEVER use the same password for accounts that involve sensitive information, such as banking, credit card, etc.


10 thoughts on “200 Worst Passwords – 2020 Edition”

  1. Jim, this may sound silly. All this talk of how easily a password can be discovered fails to answer that just after a few attempts the location one is attempting to access, locks the person out, Mindblower!

    1. Hey MB,

      The lockout after three failed attempts system is only triggered when someone is imputing a password directly into the account sign-in box. This is not how hackers crack passwords. Passwords are stored on computers in Credential Manager- Web Credentials and Windows Credentials. Hackers use sophisticated methods to extract passwords from the data in these locations. It is more complicated than that but I hope that brief explanation gives you some idea.

      Cheers… Jim

  2. Hi Jim.
    I heard a comment from an IT acquaintance a few days ago when someone had told him that their passwords would take a million years to crack.
    His reply, “In reality a group of 12 million hackers around the world could have their computers connected to each other and searching 24/7 to crack a password and that would only take one month to crack.”
    I have dealt with people who use one password for everything, one instance, a senior lady for whom I maintain her computer, has two sons, the password (names changed) Peter2Darren) and refuses to change it, her excuse, easy to remember.
    The ‘horse to water’ syndrome is hard to eradicate.


    1. Hey Jonno,

      My daughter-in-law maintains a list of passwords and their respective accounts in plain text on her device, in case she forgets any. Oh boy!

    1. Hey David,

      Well spotted. Yes, they are all very weak passwords. Shocking to think that in this day and age people are still using these very weak passwords.

  3. Is saving your passwords in an Excel file that’s only on a flash-drive a better option than having the excel file on your hard drive?

    1. No, not really Tim. On a hard drive the file is open to spyware and anyone who has access to the PC. On a USB flash drive the file is open to anyone who can access the flash drive and still just as vulnerable to spyware whenever the flash drive is connected. That said, the main concern here is accessibility. I, for one, wouldn’t want all my passwords saved in plain text on a flash drive that is floating around. Fine if it is locked away in a safe and secure place.

      The best possible solution would be to password protect the Excel file as per the link included in the above comment (to Gary).

Comments are closed.

Scroll to Top


Get great content like this delivered to your inbox!

It's free, convenient, and delivered right to your inbox! We do not spam and we will not share your address. Period!