The most common passwords of 2024
It’s that time of the year again. NordPass has released a report of this year’s most commonly used passwords.
- 123456
- 123456789
- 12345678
- password
- qwerty123
- qwerty1
- 111111
- 12345
- secret
- 123123
Those are the top ten. A lot of the remaining two hundred common passwords follow similar patterns, along with some common people’s names (e.g., “Daniel” and “Jennifer” but in all lowercase), names of cities and countries, a few sports and movies.
Almost all of the top 200 passwords can be cracked in less than a second. The 109th most common password, “woaini” (“wǒ ài nǐ”, the pinyin romanization of “我愛你”, minus the spaces and diacritics) fares a little better: it can be cracked in two minutes.
NordPass also compiled the list of the two hundred most common passwords in corporate contexts. That list is very similar.
Somewhere in the list I saw “cambiami”, Italian for “change me.” Presumably the user intended to change that password to something that takes longer than five seconds to crack, just never got around to it.
There’s not much reason for such unsafe passwords anymore. The major Web browsers, like Mozilla Firefox and Apple Safari, can create strong passwords for you, such “we^Wgv87if$s466ljk*((l”, and then fill those in for you when appropriate.
Even if you don’t see your password in any list of common passwords, your account could still be in danger if it lacks unexpected character combinations.
Security.org provides a tool that you can use to compare passwords like “qWerty” — crackable in milliseconds — to passwords like “^^pvhrmud6M3fkvsj” — which would theoretically take 93 trillion years to crack. By the way, the tool says “wǒàinǐ” would take eight hours to crack.
So if one of your passwords looks similar to one of these examples, a change might be in order, especially if it’s for something important, like your credit card account website.
You can read the full report on the NordPass website.