NordPass released their annual report of commonly used passwords again.
Feature Image Attribution (Grok 3 beta)
Top 10 Passwords
For the second straight year, “123456” is the most commonly used password globally by a lot. It doesn’t get much better as you work down the list. NordPass 2024 Top 200 Passwords.
| Rank | Password | Time to Crack | Count |
|---|---|---|---|
| 1 | 123456 | < 1 second | 3,018,050 |
| 2 | 123456789 | < 1 second | 1,625,135 |
| 3 | 12345678 | < 1 second | 884,740 |
| 4 | password | < 1 second | 692,151 |
| 5 | qwerty123 | < 1 second | 642,638 |
| 6 | qwerty1 | < 1 second | 583,630 |
| 7 | 111111 | < 1 second | 459,730 |
| 8 | 12345 | < 1 second | 395,573 |
| 9 | secret | < 1 second | 363,491 |
| 10 | 123123 | < 1 second | 351,576 |
Note the time to crack the 10 most commonly used passwords is under one second. That’s with typical hardware that anyone can buy – not anything fancy. It’s that easy.
If you filter by country you’ll notice words that mean “password” in their dialect. Example in Romanian:
Password Methodology
Per the report:
…reviewed and analyzed a 2.5TB database extracted from various publicly available sources, including those on the dark web.
That’s an impressive sample size of leaked passwords! 2.5TB of text must be huge – and that may have been the compressed size.
Findings
The report gives a few key findings:
- Somehow “123456” has consistently won first place
- Corporate passwords are in alignment with personal passwords. This is what password reuse does and why it is so bad.
- After 6 years of reporting the situation hasn’t really improved.
Conclusion
Weak passwords are a people problem – not a technical problem. The solutions have been around for a long time. Password managers are the best way for the vast majority of people online to manage their credentials.
In the end, “it’s not a hack, it’s barely social engineering. It’s more like natural selection”.
(Video NSFW – language)
Thanks for reading!
You Might Also Like