Do you use “123456” as a password? Well, you’re not alone, as at least three million other users also use this (very bad) password. NordPass has released its 2024 Top 200 most used passwords list, and the usual suspects are present and accounted for.
The password manager’s list of the most commonly used passwords is pulled from a 2.5TB dataset of stolen logins taken from various sources, including the dark web. NordPass says no personal data was acquired or purchased to conduct this study.
We analyzed passwords stolen by malware or exposed in data leaks. In most cases, they were leaked with email addresses, allowing us to distinguish between corporate and personal credentials by domain name.
The most used password worldwide is an old standard that’s been used since the dawn of computer security—”123456″—which also took the top spot last year (its been the most popular password five years out of six).
The top 10 most popular personal passwords for 2024 are:
The top 10 most popular corporate passwords for 2024 are:
As you can see above, the most common passwords people use at work are nearly identical to the passwords they use in their personal lives.
NordPass notes that “78% of the world’s most common passwords can be cracked in less than a second, which yet again reminds us to avoid popular words or keyword combinations in passwords.” Other commonly used passwords on the list—like “family,” “matthew,” or “Indya123” —can be cracked in less than 20 minutes.
NordPass says that despite the best efforts of security experts and organizations, there has not been any improvement in the security of passwords.
It suggests using passkeys whenever available. Passkeys are a replacement for passwords based on FIDO standards. Passkey technology combines biometric verification with cryptographic keys, offering a safer and more convenient alternative to passwords.
While not all websites use passkeys, the number of sites offering it as a login option increases everyday. Several large companies and popular websites already offer a passkey option, including Google, Amazon, eBay, Nintendo, GitHub, Microsoft, PayPal, and many more.
Since not all website offer passkey login, users should take steps to make sure their passwords are secure and unique. Mactrast strongly recommends using a password manager, such as 1Password (my personal favorite) or Apple new Passwords app, which is available on the iPhone, the iPad, and the Mac. Both 1Password and Passwords can generate new passwords for you, and can ensure that none of your passwords have been duplicated.
(Photo by Volodymyr Kondriianenko on Unsplash)