Skip to main content

Digital Trends may earn a commission when you buy through links on our site. Why trust us?

Are you using one of these passwords? If so, it’s time for a change

The most common passwords used in 2021 have been revealed, and to call them an embarrassment would be an understatement to say the least.

According to a new report from NordPass, a service that provides a password manager program, a worrying amount of users still rely on extremely weak passwords.

Passwords locked on Mac.
Image used with permission by copyright holder

The top 200 most common passwords of 2021 study, covering 50 countries, reveals that “123456” remains as the most popular password for the second year running. More than 103 million people use it for log-in purposes, even though it’d take less than a single second to crack it.

Other frequently used passwords within the top 10 list largely consist of number-based passes like “123456789,” which is utilized by 46 million individuals. The only two that don’t contain a numerical form are “qwerty,” and of course, “password.” They’re applied by 22.3 million and 20.9 million users, respectively. 

When it comes to other bad password choices, a “stunning” number of people opted to make their own names as their preferred password. Elsewhere, Ferrari and Porsche are the most popular car brands in regard to weak passwords.

Unfortunately, passwords keep getting weaker, and people still don’t maintain proper password hygiene.

While the vast majority of the top 200 most common passwords can be cracked in less than a second — or a few seconds in some cases — there are some that would take considerably longer to gain access to. “1g2w3e4r” and “gwerty123,” both used by a million people, would take three hours to crack. Interestingly, removing the “123” from “gwerty” makes it a much easier target, as it’ll only take five seconds to crack.

Rounding out the passwords in the list that’ll take between 1-3 hours to penetrate are “michelle,” “jennifer,” “myspace1,” and “zag12wsx.”

NordPass’s methodology for forming its research involved working with independent researchers who specialize in the cybersecurity incident research field. The most common password list was compiled via an evaluation of a 4TB database containing leaked passes.

“Unfortunately, passwords keep getting weaker, and people still don’t maintain proper password hygiene,” Jonas Karklys, CEO of NordPass told Lifewire. “It’s important to understand that passwords are the gateway to our digital lives, and with us spending more and more time online, it’s becoming enormously important to take better care of our cybersecurity.”

Fixing the problem

So, how does one go about adding additional layers of security that will better protect their passwords? It goes without saying that no one should use “123456” as their entry point for any account — or any of the passwords in the aforementioned report for that matter. Password managers have become commonplace and are usually a reliable resort, while two-factor authentication should also be considered as another safety measure.

When factoring in their security deficiencies, passwords, in general, are naturally the most common target for hackers. In fact, 81% of hacking-related breaches are achieved through weak or stolen passwords.

“The single most common security vulnerability today is still bad passwords.”

“Weak passwords are the entry point for the majority of attacks across enterprise and consumer accounts. There are a whopping 579 password attacks every second — that’s 18 billion every year,” Microsoft detailed in September.

Apple, meanwhile, has integrated a newer form of tech into its devices through iCloud Passkey, which effectively gets rid of passwords and offers a more secure process via Public Key Cryptography.

Apple joins both Microsoft and Google in envisioning a future for passwordless authentication. Software giant Microsoft, for one, has already seen more than 200 million users enabling passwordless login for its services.

“The single most common security vulnerability today is still bad passwords,” Jen Fitzpatrick, senior vice president of core systems at Google, stated in May. “Ultimately, we’re on a mission to create a password-free future.”

Editors' Recommendations

Zak Islam
Computing Writer
Zak Islam was a freelance writer at Digital Trends covering the latest news in the technology world, particularly the…
Lapsus$ hackers convicted of breaching GTA 6, Nvidia, and more
A hacker typing on an Apple MacBook laptop, which shows code on its screen.

The Lapsus$ hacking gang caused havoc in 2021 and 2022 with a series of high-profile security breaches and ransom demands. Yet things have been very quiet since then, and two alleged members of the group have just been convicted in the U.K., potentially bringing an end to one of the most notable hacking sprees in recent times.

According to Bloomberg and the BBC, two people accused of being members of the gang were convicted in the U.K. of a number of crimes, including serious computer misuse, blackmail, and fraud. The defendants included Arion Kurtaj, 18, and a 17-year-old male who could not be named due to his age. Both defendants are autistic and psychiatrists deemed that Kurtaj was not fit to stand trial, so he did not give evidence. They will both be sentenced at a later date.

Read more
Alienware just changed everything you know about its desktops
Alienware Aurora R16 sitting on a desk.

Alienware's flagship gaming desktop is getting a serious makeover. The new Aurora R16, which is available to purchase now, ditches the angular, obtuse design of Alienware's previous models in favor of a design that feels familiar yet -- if you'll excuse the pun -- alien.

That's clear by looking at an image of the redesigned Aurora R16 above. It's a mid-tower box, much unlike a machine like the Aurora R15, with its massive footprint and large plastic covering that makes it feel much larger than it actually is. the Aurora R16 fits in much better now with the standard crop of gaming desktops, though it still has some unique design choices.

Read more
Hackers are using AI to create vicious malware, says FBI
A hacker typing on an Apple MacBook laptop while holding a phone. Both devices show code on their screens.

The FBI has warned that hackers are running wild with generative artificial intelligence (AI) tools like ChatGPT, quickly creating malicious code and launching cybercrime sprees that would have taken far more effort in the past.

The FBI detailed its concerns on a call with journalists and explained that AI chatbots have fuelled all kinds of illicit activity, from scammers and fraudsters perfecting their techniques to terrorists consulting the tools on how to launch more damaging chemical attacks.

Read more