Passwords play a crucial role in safeguarding our personal information, yet they often lack the necessary level of personalization, rendering them susceptible to easy circumvention. NordPass, a company dedicated to assisting users in generating and securing passwords, has released its annual compilation of commonly used passwords, revealing a lack of creativity among users.
NordPass compiled the list in collaboration with independent researchers, who scrutinized 4.3 terabytes of data sourced from publicly available outlets; NordPass ensured the absence of any compromised personal data. The study analyzed data from 35 countries across eight diverse platforms and found that frequently used passwords often consist of simple numerical sequences.
At the top of the list is the unimaginative “123456,” encountered more than 4.5 million times and crackable in less than a second. Similarly vulnerable is “admin,” used over 4 million times. Other prevalent choices include numerical strings like “1234,” “12345678,” and the slightly longer “123456789.” These passwords, despite their apparent variation, remain widely used and susceptible.
Common words like “password” and the misspelled “UKNOWN” also pose minimal resistance, taking less than a second and 17 minutes to crack, respectively. Even seemingly complex variations like “P@ssw0rd” prove insufficient, with a crack time of less than a second and 135,424 occurrences.
The list extends to series of letters, such as “qwertyuiop,” formed by running a finger across the top letter row of the keyboard. Despite the illusion of complexity, it was counted 79,434 times and takes less than a second to crack.
NordPass further categorizes password data by country, revealing predictable choices like “123456,” “password,” and “admin” dominating the U.S. list. Surprisingly, the 16th most common password is “sh**bird,” encountered 4,230 times and taking five minutes to crack.
The report also highlights platform-specific influences on password choices. For e-commerce sites like Amazon, the fourth most common password is predictably “amazon.” Meanwhile, streaming sites exhibit notably insecure passwords, with “netflix” ranking high in common usage.
Despite technological advancements making passwords more resilient, NordPass emphasizes the persistent threat of malware attacks. Recommendations include crafting robust passwords with a minimum of 20 characters, incorporating a mix of upper and lower case letters, avoiding easily guessable information like birthdays, and using distinct passwords across various platforms.
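The recommendations above, together with the patterns the list exposes (common strings, keyboard and digit runs, leetspeak variants, the platform's own name), can be turned into a screening check applied when a password is set. The following Python sketch is an added example, not NordPass code; the function names, the leetspeak table, the keyboard rows and the sample candidates are assumptions made for illustration.

```python
import re

# Passwords named in the article above, lower-cased (not the full NordPass list).
COMMON = {"123456", "admin", "1234", "12345678", "123456789", "password",
          "uknown", "qwertyuiop", "amazon", "netflix"}
# Assumed leetspeak folding so that "P@ssw0rd" is compared as "password".
LEET = str.maketrans("@0135$!", "aolessi")
KEY_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
MIN_LENGTH = 20  # minimum length recommended in the article


def is_walk(password):
    """True if the whole password is one run along a keyboard row."""
    p = password.lower()
    return len(p) >= 4 and any(p in row or p in row[::-1] for row in KEY_ROWS)


def _alnum(text):
    """Lower-case and drop separators so '1990-04-12' matches '19900412'."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def screen(password, site="", personal=(), in_use=()):
    """Return the reasons to reject a candidate password ([] means accept)."""
    low = password.lower()
    folded = low.translate(LEET)
    reasons = []
    if low in COMMON or folded in COMMON:
        reasons.append("common password")
    if is_walk(password):
        reasons.append("keyboard or digit sequence")
    if site and any(site.lower() in s for s in (low, folded)):
        reasons.append("contains site name")
    if any(len(_alnum(t)) >= 4 and _alnum(t) in _alnum(password) for t in personal):
        reasons.append("contains personal information")
    if password in in_use:  # the user's other passwords, as a password manager sees them
        reasons.append("already used on another platform")
    if len(password) < MIN_LENGTH:
        reasons.append("shorter than 20 characters")
    if not (any(c.isupper() for c in password) and any(c.islower() for c in password)):
        reasons.append("needs upper and lower case letters")
    return reasons


if __name__ == "__main__":
    # Constructed candidates: four quoted in the article, two made up here.
    for pw in ("123456", "P@ssw0rd", "qwertyuiop", "netflix",
               "asdfghjkl", "Cobalt-Teapot-Orbits-Lantern-Wren"):
        print(f"{pw!r}: {screen(pw, site='netflix') or 'accepted'}")
```

In a deployment, the small `COMMON` set would be replaced by a full list of known common or breached passwords; the logic around it stays the same.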