World’s Worse Passwords Revealed By NordPass

The issue of weak password security has raised its ugly head again, after research from password manager NordPass listed the world’s passwords used in 2020.

And its research makes for grim reading for security professionals, due to the fact that of the 200 worst passwords, “123456” was listed (again) as the most commonly used of 2020.

To make matters worse, a staggering 2.5 million people chose this password, which according to NordPass can take less than a second to crack.

Weak passwords

NordPass conducted its research by examining a database containing 275 million passwords.

It found that top 10 most common passwords were as follows:

1. 123456
2. 123456789
3. picture1
4. password
5. 12345678
6. 111111
7. 123123
8. 12345
9. 1234567890
10. senha (which is Portuguese for ‘password’)

Most of the passwords on this above listed can be cracked within seconds, the firm warned.

“According to research, the majority of people use simple and easy-to-remember passwords, because it’s convenient,” said NordPass. “But the problem is that most memorable passwords are highly vulnerable to cracking.”

The NordPass research also revealed that last year the password “onedirection” came 184th on the list. But this year, it didn’t make the top 200 list at all.

“Ashley” was the most popular name used as a password last year (26th place). But in 2020, not only did it drop to the 31st position, but was also beaten by “aaron431” (18th place), which became the most popular name for a password.

And the research found that less than half of the passwords (78 of them) were new to the 2020 “most popular” list.

Strong passwords

NordPass recommends that people avoid using dictionary words, number combinations, or strings of adjacent keyboard combinations. For example, “password”, “qwerty”, or “123456” are terrible passwords, as they are too easy to crack.

Also, people are advised to refrain from repetitive characters, such as “aaaa” or “123abc”, and under no circumstances choose passwords based on personal details that might not be completely confidential, such as your phone number, birth date, or name.

The best way to create strong passwords is to never reuse passwords across multiple accounts.

NordPass says people should create a unique one for each account and make them long – don’t settle for anything shorter than 12 characters, even more if possible. Throw in a mix of upper- and lower-case letters, numbers, and symbols to significantly lower the risk of getting passwords cracked.

And it advises people to change their passwords at least every 90 days, and maybe consider using a Password Generator to generate robust passwords, or use a password manager to avoid ‘password fatigue’.

Long running problem

Despite this advice, it seems that people rarely change their insecure password practices.

In 2014 for example Silicon UK reported on research that found that “password” was no longer the most popular password on the Internet, having being displaced by the ludicrous “123456”.

Six years on and it remains the most popular worse password.

In 2019 the National Cyber Security (NCSC) published its ‘UK cyber survey’ and revealed the most hackable passwords that people were still using.

It found that 23.2 million people still use “123456” as their password. 7.7 million people use “123456789” and 3.6 million people use “password” as their password.

And the NCSC also found that people are still using very easy to guess passwords, with the top ranking passwords used being names of football teams (i.e liverpool), musicians (blink182), and fictional characters (superman).