Skip to main content

Digital Trends may earn a commission when you buy through links on our site. Why trust us?

Are you using one of these passwords? If so, it’s time for a change

The most common passwords used in 2021 have been revealed, and to call them an embarrassment would be an understatement to say the least.

According to a new report from NordPass, a service that provides a password manager program, a worrying amount of users still rely on extremely weak passwords.

Passwords locked on Mac.
Image used with permission by copyright holder

The top 200 most common passwords of 2021 study, covering 50 countries, reveals that “123456” remains as the most popular password for the second year running. More than 103 million people use it for log-in purposes, even though it’d take less than a single second to crack it.

Recommended Videos

Other frequently used passwords within the top 10 list largely consist of number-based passes like “123456789,” which is utilized by 46 million individuals. The only two that don’t contain a numerical form are “qwerty,” and of course, “password.” They’re applied by 22.3 million and 20.9 million users, respectively. 

Please enable Javascript to view this content

When it comes to other bad password choices, a “stunning” number of people opted to make their own names as their preferred password. Elsewhere, Ferrari and Porsche are the most popular car brands in regard to weak passwords.

Unfortunately, passwords keep getting weaker, and people still don’t maintain proper password hygiene.

While the vast majority of the top 200 most common passwords can be cracked in less than a second — or a few seconds in some cases — there are some that would take considerably longer to gain access to. “1g2w3e4r” and “gwerty123,” both used by a million people, would take three hours to crack. Interestingly, removing the “123” from “gwerty” makes it a much easier target, as it’ll only take five seconds to crack.

Rounding out the passwords in the list that’ll take between 1-3 hours to penetrate are “michelle,” “jennifer,” “myspace1,” and “zag12wsx.”

NordPass’s methodology for forming its research involved working with independent researchers who specialize in the cybersecurity incident research field. The most common password list was compiled via an evaluation of a 4TB database containing leaked passes.

“Unfortunately, passwords keep getting weaker, and people still don’t maintain proper password hygiene,” Jonas Karklys, CEO of NordPass told Lifewire. “It’s important to understand that passwords are the gateway to our digital lives, and with us spending more and more time online, it’s becoming enormously important to take better care of our cybersecurity.”

Fixing the problem

So, how does one go about adding additional layers of security that will better protect their passwords? It goes without saying that no one should use “123456” as their entry point for any account — or any of the passwords in the aforementioned report for that matter. Password managers have become commonplace and are usually a reliable resort, while two-factor authentication should also be considered as another safety measure.

When factoring in their security deficiencies, passwords, in general, are naturally the most common target for hackers. In fact, 81% of hacking-related breaches are achieved through weak or stolen passwords.

“The single most common security vulnerability today is still bad passwords.”

“Weak passwords are the entry point for the majority of attacks across enterprise and consumer accounts. There are a whopping 579 password attacks every second — that’s 18 billion every year,” Microsoft detailed in September.

Apple, meanwhile, has integrated a newer form of tech into its devices through iCloud Passkey, which effectively gets rid of passwords and offers a more secure process via Public Key Cryptography.

Apple joins both Microsoft and Google in envisioning a future for passwordless authentication. Software giant Microsoft, for one, has already seen more than 200 million users enabling passwordless login for its services.

“The single most common security vulnerability today is still bad passwords,” Jen Fitzpatrick, senior vice president of core systems at Google, stated in May. “Ultimately, we’re on a mission to create a password-free future.”

Zak Islam
Former Digital Trends Contributor
Zak Islam was a freelance writer at Digital Trends covering the latest news in the technology world, particularly the…
I’d never use a Mac without first changing these 8 security settings
Security and Privacy settings open on a MacBook.

If you’ve got one of the best MacBooks or Macs, the chances are good that you do an awful lot of sensitive stuff on your computer. Think about all the passwords you enter, the emails you send and receive, and the documents you create -- all of those can provide a treasure trove of data to any sticky-fingered ne’er-do-wells who manage to gain access to your device.

To prevent the worst from happening, it’s a good idea to beef up your Mac security. The good news is that doing so is far easier than you might think, and there are a handful of macOS settings you can change right now to keep your Mac -- and all the information it holds about you -- safe from prying eyes.

Read more
I tested two open-source password managers, and one is clearly better
Bitwarden and Proton Pass pricing appears in a split-screen on a PC monitor.

If you’re searching for an open-source password manager, two names will undoubtedly rise to the top of your list: Bitwarden and Proton Pass. Both are well-rated and offer affordable subscription plans and excellent free versions.

The only challenge is the difficulty of choosing which is the best password manager. I recently reviewed Proton Pass Plus and Bitwarden Family in hope that a hands-on comparison might help identify little details that can make a big difference in daily use.
Tiers and pricing
Bitwarden and Proton Pass pricing in a split-screen comparison. Digital Trends

Read more
You may be a victim in one of the worst data breaches in history
A person using a laptop with a set of code seen on the display.

Background check company National Public Data -- also known as Jerico Pictures -- suffered what is reportedly one of the most significant data breaches in history, affecting 2.9 billion personal records that leaked sensitive data such as Social Security numbers and more, as mentioned in a class-action lawsuit document and sourced by Bloomberg Law. What's even worse is that it's not known how the breach happened in the first place -- or who has been included in it.

Before getting into it, it's worth noting that National Public Data has not confirmed the breach yet, so there's a lot of information that's only coming from the lawsuit or the hacking group. That means some of the figures will need to be taken with a grain of salt. Still, it doesn't sound good.

Read more