In 2024, many people are still using passwords that are simple, popular, and often the first ones hackers try when attempting to break into accounts.
Researchers have identified the passwords that people are still using today, even though they are extremely easy for hackers to crack.
So, the question is, are you using any of these unsafe passwords?
Why Common Words Make Bad Passwords
Think about it—hackers know the easiest tricks to crack passwords, and common words are their go-to targets.
Here’s another thing to consider: one survey found that 55% of people rely on memory for their passwords, and while that sounds convenient, it often means choosing something simple. On top of that, 35% of folks write their passwords down on paper at home. That’s risky! What if someone finds it?
And let’s not forget the issue with public Wi-Fi. Almost half of people (46%) admit they often use public networks to access work or personal data. If your passwords are weak, you’re making it even easier for hackers to break in when you’re on an insecure connection.
Top Passwords Hackers Love to Guess
Many people don’t give much thought to their passwords, whether for personal or work accounts. That is according to a report from NordPass, produced in collaboration with the software NordStellar, which analyzed a huge 2.5TB database of passwords from various sources, including the dark web.
So, what’s the world’s worst password? Well, it’s no surprise that “123456” has taken the crown again: it was used 3,018,050 times! It’s simple and easy to remember, but also way too easy for hackers to guess. The analysis shows that people keep choosing passwords like this without much thought, which puts them at risk.
According to the analysis, it takes less than a second to crack any of these 10 passwords.
| Rank | Password | Time to crack it | # of times the password was used |
|---|---|---|---|
| 1. | 123456 | < 1 second | 3,018,050 |
| 2. | 123456789 | < 1 second | 1,625,135 |
| 3. | 12345678 | < 1 second | 884,740 |
| 4. | password | < 1 second | 692,638 |
| 5. | qwerty123 | < 1 second | 642,638 |
| 6. | qwerty1 | < 1 second | 583,630 |
| 7. | 111111 | < 1 second | 459,730 |
| 8. | 12345 | < 1 second | 395,573 |
| 9. | secret | < 1 second | 363,491 |
| 10. | 123123 | < 1 second | 351,576 |
There are other passwords you should avoid, too. For example, words like “computer” and “f-ckyou” all showed up over 50,000 times in NordPass’ analysis and can be easily cracked. Don’t use the provocative “LetMeIn,” either!
The Dangers Of Reusing Passwords
Password reuse is a serious cybersecurity risk that you should avoid at all costs. Many people reuse the same passwords across multiple accounts or tweak old passwords by substituting characters, which can make them vulnerable to hackers.
In fact, more than two in three people use the same passwords across multiple accounts. That’s risky because if one account gets hacked, all your accounts are at risk. Even worse, 57% of people admit to just tweaking old passwords—like replacing “a” with “@” or “i” with “1” when updating them. While it might seem like a small change, it’s still predictable enough for hackers to figure out.
Now, some people try to be a bit safer by creating new combinations of words and numbers. 79% of people do this, but here’s the thing: using real words or common phrases can still be dangerous. Many of these words are easy for hackers to guess, especially if they’re dictionary words. Up to 42% of passwords have curse words in them.
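To show why tweaks such as “a” to “@” or an added digit give so little protection, here is a small screening check a sign-up or password-change form could run. It is an added example, not code from NordPass or from this article; the blocklist is the table above plus the other words named here, and every substitution beyond “@” and “1” is an assumption made for illustration.

```python
import re

# Top-10 passwords from the article's table plus the other words it names.
BLOCKLIST = frozenset({
    "123456", "123456789", "12345678", "password", "qwerty123",
    "qwerty1", "111111", "12345", "secret", "123123",
    "computer", "letmein",
})

# Look-alike substitutions. "@"->"a" and "1"->"i" come from the article;
# the rest of the mapping is an assumption added for illustration.
UNLEET = str.maketrans({"@": "a", "4": "a", "1": "i", "!": "i",
                        "0": "o", "3": "e", "$": "s", "5": "s"})


def variants(password):
    """Yield lower-cased forms with trailing digits/symbols peeled off one
    at a time, each both as typed and with substitutions undone."""
    form = password.lower()
    while form:
        yield form
        yield form.translate(UNLEET)
        if form[-1].isalpha():
            break  # reached the word itself; nothing more to peel
        form = form[:-1]


def blocklist_hit(password):
    """Return the blocklisted password this one reduces to, or None."""
    for form in variants(password):
        if form in BLOCKLIST:
            return form
    return None


def skeleton(password):
    """Core word: lower-case, trailing digits/symbols dropped, un-substituted."""
    core = re.sub(r"[^a-z]+$", "", password.lower())
    return core.translate(UNLEET)


def is_tweak(old, new):
    """True when new is old with only case, suffix or look-alike changes."""
    return bool(skeleton(old)) and skeleton(old) == skeleton(new)
```

`is_tweak` is meant for the moment of a password change, when the user types both the current and the new password; a well-built service never has the old one stored in readable form.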
Tools That Help Protect Your Passwords
When it comes to protecting your passwords, some tools and methods can make a big difference:
- Password Managers – These tools store all your passwords in one secure place. They can generate strong, random passwords for each account, so you don’t have to remember them all.
- Multi-Factor Authentication (MFA) – MFA lowers the chance of account breaches by 99.22%. So, even if someone guesses your password, they won’t be able to access your account without a second or third form of identification, like a code sent to your phone.
- Password Generators – Use password generators to make your passwords longer and to combine upper and lowercase letters, numbers, and symbols. The more complex, the harder it is for hackers to guess.
- Don’t Use Public Wi-Fi For Sensitive Activities – Public Wi-Fi networks are not secure. If you need to log into important accounts, wait until you’re on a private network or use a virtual private network (VPN).
- Don’t Open Emails And Click On Links From Unknown Sources – Phishing emails can look legitimate but are often designed to steal your personal information.
- Routine Password Updates – Change your passwords regularly and don’t use the same one for multiple accounts. It keeps your information fresh and harder for hackers to track.
Using these methods together can make your passwords much stronger and your accounts more secure.
FAQ
What Are The Most Common Passwords In 2024?
As mentioned above, the most common passwords used in recent years have included variations of “123456,” “password,” “qwerty,” and various curse words. These passwords are notoriously weak and easy to guess, so it’s important to choose strong, unique passwords for all of your online accounts to protect yourself from cybercrime.
How Secure Is Passwordless Authentication?
Passwordless authentication is generally considered more secure than traditional password-based authentication, as it eliminates the risk of password theft or hacking. Some passwordless authentication methods, such as biometric authentication (fingerprints, facial recognition, etc.) and token-based authentication (security keys, push notifications, etc.), can provide a higher level of security because they are more difficult to impersonate or spoof.
What Are Some Tips to Keep Your Accounts Safe?
The 2Secure team encourages using MFA for added security, requiring extra verification like a fingerprint or security code. Also, be cautious of emails, links, and apps from unknown sources, as phishing attempts may use tactics such as urgency (“Your account has been compromised!”) or familiarity (“Your Amazon order was cancelled!”) to lure people into clicking on these links or opening attachments that download malware onto their devices.