Top 200 Passwords – 2023

For the last five years, NordPass has published a list of the 200 most popular passwords, and it has just released the latest edition. In 2020, Jim Hillier reported on the NordPass list. Not much has changed since then.

Methodology

NordPass compiled the list in partnership with independent researchers who specialize in cybersecurity incidents. They evaluated 6.6 terabytes of data extracted from various publicly available sources, including those on the dark web, from 35 countries. These passwords were stolen by various stealer malware, such as Redline, Vidar, Taurus, Raccoon, Azorult, and Cryptbot. They further classified the data into eight verticals: E-commerce, Social Media, Financial, Email, Gaming, Productivity Tools, Smartphone, and Streaming.

Here are the top 20 most popular passwords of 2023:

| RANK | PASSWORD | TIME TO CRACK IT | COUNT |
|------|----------|------------------|-------|
| 1 | 123456 | < 1 Second | 4,524,867 |
| 2 | admin | < 1 Second | 4,008,850 |
| 3 | 12345678 | < 1 Second | 1,371,152 |
| 4 | 123456789 | < 1 Second | 1,213,047 |
| 5 | 1234 | < 1 Second | 969,811 |
| 6 | 12345 | < 1 Second | 728,414 |
| 7 | password | < 1 Second | 710,321 |
| 8 | 123 | < 1 Second | 528,086 |
| 9 | Aa123456 | < 1 Second | 319,725 |
| 10 | 1234567890 | < 1 Second | 302,709 |
| 11 | UNKNOWN | 17 Minutes | 240,377 |
| 12 | 1234567 | < 1 Second | 234,187 |
| 13 | 123123 | < 1 Second | 224,261 |
| 14 | 111111 | < 1 Second | 191,392 |
| 15 | Password | < 1 Second | 177,725 |
| 16 | 12345678910 | < 1 Second | 172,502 |
| 17 | 000000 | < 1 Second | 168,653 |
| 18 | admin123 | 11 Seconds | 159,354 |
| 19 | ******** | < 1 Second | 152,497 |
| 20 | user | 1 Second | 146,233 |

Sequential number passwords remain very popular, with “123456” topping the list. Twelve out of the top twenty most used passwords consist of various numerical combinations. The top five most common passwords have over 12 million users. Of the top twenty most used passwords, all but two (“UNKNOWN” and “admin123”) take under a second to crack.

Some Interesting Findings

Streamers do not like strong passwords. Compared to the seven other categories (which already have poor passwords), streamers choose the poorest passwords of all.

“123456” has been in the number 1 or number 2 spot every year throughout the lifetime of this study as the world’s worst password.

In fact, the list of worst passwords has not changed much over the past five years.

Jim’s 2020 Advice

What Jim said in 2020 is still true today. First, ALWAYS use strong passwords. Second, NEVER use duplicate passwords for accounts that contain sensitive information such as banking, credit cards, etc.

Best Practices

A password manager is an essential part of internet security. Password managers allow users to have strong and unique passwords for every site they visit on the internet. Two good cloud-based password managers are Bitwarden and 1Password. I currently have a premium subscription to both (overkill, but I’ve been testing 1Password recently). Jim Hillier recommends Bitwarden’s free version if you do not need the premium features. If you prefer a password manager with local credential storage, the DCT-recommended KeePass is an excellent choice – I used it for years before switching to Bitwarden.

It is also important to have a strong password to protect this password manager. See my Ultimate Guide To Create A Master Password – Part 1 and Part 2 on how to do this.

If you ignore our advice to use a password manager, at least create better passwords than those that are on this list. You will not be as secure as if you use a password manager, but you will be more secure than most. See Jim Hillier’s Creating Strong But Easily Remembered Passwords.
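For anyone who runs a sign-up or password-change form, the same list can be used to reject these choices before they are ever stored. The sketch below is an added example, not code from NordPass or from this site; it goes beyond an exact-match lookup to cover the patterns noted above (counting sequences, repeated characters, a listed word with digits tacked on). The function names, rule labels and test passwords are hypothetical and constructed for illustration.

```python
import re
from typing import Optional

# The top 20 from the table above, as listed (including "UNKNOWN" and "********").
TOP_20 = [
    "123456", "admin", "12345678", "123456789", "1234", "12345", "password",
    "123", "Aa123456", "1234567890", "UNKNOWN", "1234567", "123123", "111111",
    "Password", "12345678910", "000000", "admin123", "********", "user",
]
BLOCKLIST = {p.casefold() for p in TOP_20}  # compare case-insensitively

# "1234567891011121314...": counting up from 1, as in the listed 12345678910.
COUNT_UP = "".join(str(n) for n in range(1, 40))


def is_counting_run(digits: str) -> bool:
    """True for 123, 1234567890, 12345678910 and longer runs of the same kind."""
    return len(digits) >= 3 and (
        COUNT_UP.startswith(digits) or "1234567890".startswith(digits)
    )


def screen(password: str) -> Optional[str]:
    """Return the rule that rejects a candidate password, or None if none fires.

    None only means the password is not one of these known-bad shapes;
    it is not a strength rating.
    """
    folded = password.casefold()
    if folded in BLOCKLIST:
        return "listed"
    if len(set(password)) == 1:
        return "repeated-character"
    if password.isdigit():
        return "counting-sequence" if is_counting_run(password) else "digits-only"
    # A listed word with digits or punctuation appended, e.g. "admin2023!".
    stem = re.sub(r"[\d\W_]+$", "", folded)
    if stem and stem != folded and stem in BLOCKLIST:
        return "listed-word-plus-suffix"
    return None


if __name__ == "__main__":
    # Constructed candidates, none taken from real data.
    for candidate in ["PASSWORD", "222222", "123456789101112", "admin2023!"]:
        print(f"{candidate!r:22} -> {screen(candidate)}")
```

In production the blocklist would be the full 200-entry list or a larger breached-password corpus; the pattern rules stay the same.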
