What are the world’s worst passwords?

World Password Day highlights why passwords still play a vital role in securing our digital environments, even if they do need augmenting with newer, stronger authentication methods.


“Why do I need a password to buy groceries?” is a complaint many of us must have muttered whilst filling out yet another tedious ‘Forgotten Password’ form when trying to shop online. Amidst the struggle to remember how to spell your mother’s maiden name or recall who your favourite schoolteacher was, you’d likely be forgiven for thinking that passwords are a waste of time. Yet, once you are safely logged back into your account and the red mist has cleared, you slowly remember that if any random person could access your account without verifying who they are, they could learn a whole lot more about you than your questionable fondness for Rice Krispies.

As the website pulls up your saved delivery address and card payment details, it becomes clear that without a password to protect this information you’d be giving others unnecessary insight into your life, and malicious cybercriminals could use this information to devastating effect.

However, just because you have a password in place to protect your shopping orders, it doesn’t mean it’s a good one. Often, the easiest passwords to remember are the most dangerous to use from a security perspective. NordPass recently identified 200 of the most common passwords in circulation, and they include all of the classics you’d expect, from 123456 and qwerty to iloveyou and football.

Below, we’ll look at some of the worst offenders on the list and then hear from security experts about safe password practices, and why multi-factor authentication and password managers may just be the best future for password security.

What passwords should you avoid?

NordPass’ research highlights that 49 of the 50 most common passwords take less than a second for cybercriminals to crack. The only outlier amongst these is “aa12345678”, which takes a whopping two seconds for codebreakers to guess. It doesn’t get much better from there. When looking at the full list, only a handful would take codebreaking software more than an hour, and the longest time quoted by NordPass for any of the top 200 choices is three hours. Admittedly, myspace1 might only take so long to crack because codebreakers forgot MySpace was ever a thing, much like the rest of the population.
