By now, you probably know that using weak passwords is a terrible idea. They can be easily guessed by hackers, and they leave your online accounts at risk of being compromised. However, many people still use weak passwords out of convenience or forgetfulness.
In this blog post, we will discuss the 10 most common passwords today and why you should avoid them at all costs. We will also provide tips on how to create a strong, secure password that can protect your online accounts.
Most common passwords
Recent studies — including ones conducted by NordPass, Cybernews, and CNBC — seem to have a general consensus on the most frequently used passwords, with the top two being identical across numerous sources.
- 123456
- 123456789
- qwerty
- password
- 12345
- qwerty123
- 1q2w3e
- 12345678
- 111111
- 1234567890
Number and letter sequences are a hacker’s dream because they are highly predictable. Even if you switch things up a bit, like adding special characters or capitalizing the first letter, these passwords are still among the most popular and easily guessed.
But even if you don’t use these common passwords, your online account may still be vulnerable if you make these other common password mistakes:
Using names and birthdates
Personal information like your name, birthday, or address can be easily obtained by hackers. They can simply look up your profile or search for your information on social media or other public records.
As individual names and birthdates are varied, they don’t appear on any lists of commonly used passwords. However, these elements are two of the most popular choices for password creation, so hackers know to try them first. In fact, Cybernews’ research uncovered that each birth year from 1975 to 2010 is included in at least 3 million out of the 15 billion passwords they analyzed. Of those, an astounding 10 million contain the year 2010.
Using names of cities and sports teams and other location-specific elements
Like names and birthdates, these elements, while not appearing in any list of common passwords, are easy to figure out. All a hacker needs to do is research their target and they have a good chance of being able to guess the password.
In the same Cybernews research, 1 million passwords contained the terms “abu” and “rome.” Likewise, well-known sports teams Liverpool, Arsenal, and Chelsea each featured in more than 600,000 passwords.
Using a capital letter at the beginning and numbers and special characters at the end
It’s not uncommon for websites and apps to require passwords that contain a combination of capital letters, numbers, and special characters with specified lengths. Unfortunately, users often address these requirements in a predictable way: they’ll simply add a capital letter at the beginning and/or numbers and special characters at the end of their usual password. Many people reuse passwords, so using this pattern on one site may make it easy to guess the same password somewhere else.
| Related reading: NIST’s password guidelines: What you need to know |
Creating secure passwords
At this point, it’s evident that the most common passwords are best avoided. However, creating a strong, secure password can be tricky. So what should you do?
To protect yourself from the common pitfalls of password creation, consider using a password manager. These specialized programs store your passwords securely and generate strong ones that are almost impossible to guess. You just have to remember your master password, which should be unique and complex enough to stand up to any potential attack.
If you don’t want to use a password manager, at least try to create passwords that are as unique and unpredictable as possible. Online password generators can help with this. Or, you can use the passphrase method, which entails creating a sentence that only you would know and using the first letter of each word as your password. Don’t forget to mix up the capitalization and add special characters or numbers to make your password harder to crack.
By following these tips and avoiding common passwords, you can keep your online accounts safe from malicious hackers.
For more online security tips, get in touch with our team of cybersecurity experts at Refresh Technologies.