Most common passwords are still frustrating

NordPass collaborated with the threat exposure management platform NordStellar to examine a 2.5TB database of passwords obtained from public sources, such as data dumps and malware-compromised accounts. The world's most used passwords are still "alarmingly predictable and insecure," according to a new analysis.

By examining the email addresses connected with the accounts, the researchers were able to differentiate between personal and business passwords. For the second year in a row, the password "123456" remains the most used password in the world.

Aside from "123456," several other more obvious easily-guessed passwords made it into the top ten, including "123456789," "qwerty123," "111111," and the more fascinating "password."

Users provide insight on what people are interested in and like. Sports team names like "Liverpool" in the United Kingdom and the restaurant "lizottes" in Australia appeared on the lists for their respective countries. The Finnish and Hungarian equivalents of "password" - "salasana" and "jelszo" - were prominent in respective countries.

While a small fraction attempted to make things a little finer with names like "P@ssw0rd," these tactics were still insufficient. The researchers claim that these'safe' passwords can be hacked in less than a second.

Here are the top 10 most common passwords:

1. 123456
2. 123456789
3. 12345678
4. password
5. qwerty123
6. qwerty1
7. 111111
8. 12345
9. secret
10. 123123

"After analysing 6 years of data, we can say there hasn't been much improvement in people's password habits," according to the team behind NordPass. "So, despite many organisations trying to raise awareness, the problem is as alive as ever."

NordPass recommends that if your password is on this list, you change it to something more imaginative and secure, or even attempt passkeys. Passkeys, a new method of authentication supported by Apple, Google, and Microsoft, are a far more secure alternative to passwords. Rather than forcing users to construct and remember complex strings of characters, they employ biometric data or device-specific cryptographic keys to authenticate them.