Let’s be honest: How many times have you used something like “123456” or “123123” as your password? With so many online accounts to juggle, it’s tempting to go for simple passwords, even though we know they’re weak. Unfortunately, a report from NordPass shows we’re still making the same mistakes when it comes to keeping our accounts secure.
2024’s most popular (and insecure) passwords
NordPass has released its compilation of the top 200 most popular passwords used for personal and business purposes. Collaborating with threat management company NordStellar, NordPass analyzed a massive 2.5TB database of global passwords, including those sourced from the dark web. Spoiler alert: They’re still shockingly insecure.
The password hall of shame
We’re all guilty of using weak passwords at some point, but the extent of this digital negligence is truly staggering. For the sixth consecutive year, “123456” claims the dubious honor of being the most common password used by over 3 million people.
It’s followed closely by its slightly more “complex” cousins: “123456789” and “12345678.” But wait, it gets worse. The password “password” still ranks high on the list, used by nearly 700,000 people. It’s as if we’re collectively daring hackers to break into our accounts.
Top 10 most common passwords
Here are the top 10 most common passwords of 2024, according to NordPass:
1) 123456
2) 123456789
3) 12345678
4) password
5) qwerty123
6) qwerty1
7) 111111
8) 12345
9) secret
10) 123123
Corporate carelessness
You might think that in professional settings, where sensitive data is at stake, people would be more cautious. Think again. The corporate world mirrors personal password habits alarmingly closely. The same weak passwords dominate business accounts, with “123456” leading the pack, used in over 1.2 million instances.
The consequences of weak passwords
Using such easily guessable passwords is like leaving your front door wide open in a neighborhood full of burglars. These passwords can be cracked in less than a second, potentially leading to account compromise, identity theft and a host of other digital nightmares.
Strengthening your digital defenses
So, how can we break this cycle of password mediocrity?
1) Go long: Aim for passwords that are at least 20 characters long.
2) Mix it up: Use a combination of uppercase and lowercase letters, numbers and special symbols.
3) Unique is key: Never reuse passwords across multiple accounts.
4) Regular reviews: Periodically assess and update your passwords.
5) Consider using a password manager: A password manager will securely store and generate complex passwords. It will also help you to create unique and difficult-to-crack passwords that a hacker could never guess. In addition, it keeps track of all your passwords in one place and fills passwords in for you when you’re logging into an account so that you never have to remember them yourself. The fewer passwords you remember, the less likely you will be to reuse them for your accounts.
What qualities should I look for in a password manager?
When it comes to choosing the best password manager for you, here are some of my top tips:
- Deploys secure
- Works seamlessly across all of your devices
- Creates unique complicated passwords that are different for every account
- Automatically populates login and password fields for apps and sites you revisit
- Has a browser extension for all browsers you use to automatically insert passwords for you
- Allows a fail-safe in case the primary password is ever lost or forgotten
- Checks that your existing passwords remain safe and alerts you if ever compromised
- Uses two-factor authentication security
6) Start using passkeys: Passkeys are designed to replace traditional passwords and are steadily gaining traction, particularly among major companies and websites. Far more secure and reliable than conventional passwords, passkeys enable automatic sign-ins to websites and apps using facial recognition, fingerprint authentication or a physical security key.
