Racking your brains to come up with a strong password can be a pain. But if you want your emails, online banking, streaming platform credentials secure from the clutches of hackers, it would be wise to put in the effort.
NordPass, the password management tool from the team behind NordVPN, partnered with independent researchers to release its study of the 200 most common passwords used in 2023.
Of the world’s 20 most common passwords, 17 can be cracked in less than a second, so think twice before you decide to key in “123456” or the even more creative “password” to secure your online accounts.
The most popular passwords are some of the laziest combinations, even as cybersecurity threats continue to be on the rise with over 53 million U.S. citizens affected in the first half of 2022, according to AAG data.
The NordPass study showed that 86% of cyberattacks use stolen credentials, and online accounts, emails and passwords make up almost 20% of the most commonly sold items on the dark web.
To make sure your data stays safe, here are the world’s 20 most common passwords of 2023 — and how long it takes to crack each one:
Top 20 most common passwords of 2023
RANK | PASSWORD | TIME TAKEN TO CRACK | NUMBER OF TIMES USED |
1 | 123456 | < 1 Second | 4,524,867 |
2 | admin | < 1 Second | 4,008,850 |
3 | 12345678 | < 1 Second | 1,371,152 |
4 | 123456789 | < 1 Second | 1,213,047 |
5 | 1234 | < 1 Second | 969,811 |
6 | 12345 | < 1 Second | 728,414 |
7 | password | < 1 Second | 710,321 |
8 | 123 | < 1 Second | 528,086 |
9 | Aa123456 | < 1 Second | 319,725 |
10 | 1234567890 | < 1 Second | 302,709 |
11 | UNKNOWN | 17 Minutes | 240,377 |
12 | 1234567 | < 1 Second | 234,187 |
13 | 123123 | < 1 Second | 224,261 |
14 | 111111 | < 1 Second | 191,392 |
15 | Password | < 1 Second | 177,725 |
16 | 12345678910 | < 1 Second | 172,502 |
17 | 000000 | < 1 Second | 168,653 |
18 | admin123 | 11 Seconds | 159,354 |
19 | ******** | < 1 Second | 152,497 |
20 | user | 1 Second | 146,233 |
“Admin,” which has not been in the top 200 list for the past five years, came in at second place this year.
“It’s one of the passwords that people do not bother changing,” the report said. “Instead of improving password creation habits, internet users have gone in another direction by sticking to already pre-configured passwords.”
Despite some worthy contenders, “123456” has continued to top the ranking for the world’s most common password for the last five years.
“It was ranked as the most common password 4 out of 5 times. ‘Password’ held this not-so-noble title once,” the report said.
Password habits
For the first time, the study also revealed the most common passwords based on categories.
The No. 1 password for e-commerce sites, email accounts, electronic devices and streaming services is also “123456,” while “UNKNOWN” came in first for social media platforms, financial accounts and smartphones.
Names are also popular password choices for users around the world.
“Isabella” is the second most used password in Austria this year, while “Katerina” stood at the 11th place in Greece.
A combination of a name and number, such as “Flores123” came in at No.5 in Mexico and “Kento123!” was No. 17 in Malaysia.
U.K. residents’ love for football is reflected in their password choices with names of English Premiere League football clubs “liverpool,” “arsenal,” and “chelsea” claiming the 4th, 6th and 10th spot, respectively.
Out of the top 20 passwords in China, 11 of them were just numbers.
“Internet users in China often use numbers in their passwords. While ’123456′ is the most used password in the country, other numerical sequences, such as ‘111111,’ ‘000000,’ and ‘12345678’ are also widely popular,” NordPass highlighted.
On the other hand, users in the U.S. took a liking to using crude words, with “shitbird” coming in at 16th place.
Tips
Change your passwords regularly
Passwords should at least be 20 characters long and include numbers, uppercase and lowercase letters, and special symbols.
Refrain from using information like birthdays, names or common words.
Do not use the same password for more than one site.
Make the switch to passkeys where you can use a fingerprint, face scan or pin to access a device or application.