Password manager provider NordPass has published its annual list of the most common passwords – with shocking results. Many users continue to rely on simple combinations such as “123456”, “password” or “qwerty”. Such passwords can be cracked by hackers in seconds and offer virtually no protection against unauthorized access. NordPass created the list using data collected from global security breaches. What is striking is that the trends hardly change compared to previous years.
The top 10 most common passwords in 2024:
| Passwords: |
| 123456 |
| 123456789 |
| password |
| 12345678 |
| qwerty |
| 12345 |
| 1234567 |
| qwerty123 |
| 111111 |
| 123123 |
Regional preferences for insecure passwords
Interestingly, there are differences in the choice of password depending on the country. In Germany, terms like “hello”, “password” or names like “schatz” and “hans” are often used. In the USA, sports terms like “baseball” or “football” are among the favorites. Britain is showing a preference for football clubs with passwords like “liverpool” and “arsenal.” These regional patterns make the job of cybercriminals easier. You can systematically try out common terms that are culturally or regionally relevant in so-called dictionary attacks.
How a small leak gets bigger and bigger
According to NordPass, many people use their insecure passwords multiple times for different accounts, so a data leak from one provider can quickly give access to many other services. If hackers get access to the access data, they can not only steal private information, but also misuse identities, block accounts or make ransom demands. According to NordPass, a good password is at least 12 to 16 characters long and combines upper and lower case letters, numbers and special characters.
Passkeys: The future without passwords
A promising development in the area of online security are the so-called passkeys. This technology, supported by Apple, Google and other pioneers, replaces traditional passwords with cryptographic key pairings. The advantage: Users don’t have to remember passwords and hackers can’t steal access data through phishing.
