123456 is the most popular password of 2021

The annual list of the year’s most used passwords has been released by the team of NordPass, a password manager developed by the same company behind VPN service NordVPN. “123456”, “123456789”, “qwerty”, and “password” remain some of the most popular passwords used by users.

 

 

The passwords in NordPass’s list of top 200 are collected from various data breaches and hacks that happened in 2021. NordPass also collaborated with independent researchers specializing in research of cybersecurity incidents to evaluate a 4TB database and put the passwords into a list. The list contains passwords of users from 50 different countries.

The top 10 most used passwords worldwide in 2021 are:

• 123456 (used 103,170,552 times)
• 123456789 (used 46,027,530 times)
• 12345 (used 32,955,432 times)
• qwerty (used 22,317,280 times)
• password (used 20,958,297 times)
• 12345678 (used 14,745,771 times)
• 111111 (used 13,354,149 times)
• 123123 (used 10,244,398 times)
• 1234567890 (used 9,646,621 times)
• 1234567 (used 9,396,813 times)

According to NordPass, the most used password “123456” was used more than 100 million times.

Names often appear on the list as well:

• Michael (used 1,337,330 times)
• Daniel (used 1,289,528 times)
• Ashley (used 1,153,740 times)
• Charlie (used 1,056,149 times)
• Jessica (used 1,042,625 times)

Filtering the list via country reveals that names as passwords are not only common in the US but also in countries like Japan. For example, these are the names most commonly used as passwords in Japan:

• Sakura
• Takahiro
• Masahiro
• Hiroyuki
• Yamamoto

In countries like South Korea and China, variations of “123456”, “password”, and “qwerty” are most widely used as passwords.

Swear words also appear high in the list. “perkele” meaning “god damn” in Finish is 5th place, “lopas” meaning “dense” in Lithuanian is 7th place, “lammas” meaning “moron” in Estonian is 7th the list, in their respective countries.

All of the passwords in the list are considered to be very weak. Not only have they been leaked countless of times, the majority of the passwords in the list can be cracked in less than a second. If any of your passwords appear in this list, you need to change it/them immediately.

How to create a strong password?

Creating a strong password is one of the two most important things you need to do to protect any online account. The second is enabling two-factor authentication.

If you’re not very familiar with cybersecurity, you may be wondering what exactly is a strong password. Generally, a strong password is made up of upper and lower case letters, numbers, and symbols. Essentially, the less sense a password makes, the harder it is to crack. For example, taking the 111th password on the list “pokemon” (which takes less than a second to crack) and changing a few lowercase letters into uppercase, adding numbers, and mixing in symbols would make the password much harder to crack. You could also add a couple of completely unrelated words to it to make it harder to crack. You can come up with your own “encryption” system to make the passwords easier to remember as well. However, no matter how strong a password is, you should never use it on more than one account.

For users who have many accounts, keeping track of all the complex passwords can be a difficult task. Using a password manager is a good option in such cases. Using such a tool is easy, you set up your account, create a strong password for the password manager account, store your other passwords, and only remember the password to the password tool. When you want to log in somewhere, the password manager will automatically fill in your login credentials for you. This will also prevent successful phishing attacks because your password manager will not fill in your information when you visit a phishing site and try to log in. However, it’s important to choose a reliable password manager that will not leak your information. Password managers also not only store passwords but also generate strong ones.

Lastly, we wish to stress the importance of setting up two-factor authentication (2FA) when it’s available. If you do not know what that is, two-factor (or multi-factor) authentication is an additional security measure that would require you to put in a code in order to log in, after you put in your password. There are different types of 2FA, such as SMS, app, authentication key, etc. Some are more secure than others, but any 2FA is better than none. For example, SMS 2FA is very susceptible to SIM swap attacks where attackers trick mobile service providers to transfer victims’ phone numbers to their SIM cards. Thus, it’s recommended to use either an app (e.g. Google Authenticator) or authentication keys.

When an account is protected with 2FA, it’s much more difficult to hack into the account because attackers would need to obtain the authentication keys as well. One way that can be done is if the computer on which a user may be trying to log in is infected with a trojan. The trojan would log the keys and immediately transfer the data to the attackers controlling it, allowing them to get into the account. Thus, it’s important to have a reliable anti-virus program installed on the computer.