The Worst Passwords of 2024: Are You Still Using One of These?

Did you know that over 80% of hacking-related breaches happen because of weak or reused passwords? It might sound shocking, but millions worldwide still rely on predictable, insecure passwords, putting their personal and financial information at risk.

Every year, NordPass - a leading password management provider - releases a detailed analysis of the most common passwords people use globally. Despite countless warnings and data breaches, weak passwords like 123456 or password are still at the top of the list. In their words - our password habits are still really bad.

Have you ever wondered: "How secure is my password?" Well, if you are using one of the passwords on the NordPass's list, you’re practically handing over the keys to your data to the cyber criminals. Read on to see if your password made the list and learn how to create strong, uncrackable alternatives.

Read the results of their findings: Full list of the most commonly used passwords in 2024.

The Dangers of Weak Passwords

Using a weak password is like locking your front door with a piece of string - it won’t keep out determined intruders. Cybercriminals use sophisticated tools to test thousands of password combinations per second, and weak passwords are guessed almost instantly.

Here’s why weak passwords are a major risk:

• Identity Theft: Hackers can access your accounts to impersonate you, steal your identity, and commit fraud.
• Financial Loss: Weak passwords on banking apps or payment platforms can lead to unauthorised transactions.
• Privacy Breaches: Hackers can access emails, photos, and messages, exposing private and sensitive information.
• Account Takeovers: Once hackers crack one password, they can often access other accounts if you reuse the same password.

Major data breaches, like those affecting LinkedIn, Facebook, or financial institutions, often expose millions of passwords. If your password is weak or reused, it could already be circulating on the dark web. Read more about The Dangers of Password Database Breaches and the Importance of Preventive Measures.

The Worst Passwords of 2024

Each year, NordPass’s research sheds light on the world’s worst offenders and most commonly used passwords. These passwords follow predictable patterns, making them the easiest targets for hackers.

1. 123456 – 123456 wins again. Used by millions worldwide and cracked in less than a second.
2. 123456789 – Adding more numbers doesn’t make it stronger.
3. 12345678 – Another slight variation of weak numeric patterns.
4. Password – It’s simple, it’s obvious, and it’s utterly insecure.
5. qwerty123 – A common keyboard sequence that’s far too easy to guess, the same as the next one.
6. qwerty1
7. 111111 – Repeating digits make for very weak passwords.
8. 12345 – Too short and incredibly common.
9. secret - A secret it is in unfortunately not.
10. 123123 - A predictable sequence.

What common categories of words do people usually use when creating bad passwords and examples of bad passwords for each category:

• Names: People often use their names, nicknames, or loved ones’ names as passwords. Think michael or emma.
• Dates and Numbers: Birth years like 1990 or combinations like 123123 are extremely common.
• Pop Culture: Football teams, movie characters, and celebrities often appear in passwords (e.g., Liverpool, Batman).
• Keyboard Patterns: Sequences like asdfgh or zxcvbnm might seem clever but are still predictable.

Interestingly, the most popular worst passwords also vary by country. NordPass's research highlights cultural and regional trends in password usage. In the UK, football teams and/or city names like liverpool, arsenal, chelsea appear close to the top, along with variations of passwords in the worldwide top 10 list. For the United States, the winner is the not-so-secret secret, with iloveyou still close to the top ten list. Brazil, Spain, Mexico, Chile and Colombia patriotically have their country names in the top 10, while Canada loves their hockey. Czech Republic prefers names like martin, michal, and monika, similar to Denmark's rasmus, jesper and anders. India strangely loves the password lemonfish, and South Africa prefers the snowbear, while Portugal has familia in the top ten. While these differences are interesting to look at, they highlight, we're just universally still bad at passwords worldwide.

How to Create Strong Passwords?

So, how can you make sure your passwords aren’t on the list of the worst ones? Here are some practical tips for creating strong and secure passwords:

• Make your passwords Long and Unique: Use at least 12 characters. The longer your password, the harder it is to crack.
• Mix It Up: Combine uppercase letters, lowercase letters, numbers, and special characters (e.g., *&^%$#).
• Avoid Using Personal Information: Never use birthdays, names, pets, or favourite teams - these can be guessed or found online.
• No Common Words or Patterns: Avoid dictionary words, keyboard sequences, or predictable phrases like password123.
• Use Passphrases: Combine unrelated words or phrases. For example, “Orange$Candle7Sky” is much harder to guess.
• Create Unique Passwords for Each Account: If one account is hacked, the others will remain secure.
• Regularly Check and Change Your Passwords to keep your accounts secure.

NordPass compared the 10 most common personal passwords to those most commonly used in the corporate world. They found out the lists are almost identical. This shows that people tend to use the same weak passwords at work as well as at home. See the full list of the most common passwords.

Why Use a Password Manager?

Creating unique, complex passwords for every account is difficult, remembering them all is even harder. That’s where password managers come in.

Password management tools like NordPass, LastPass, Bitwarden, or Password Depot help you generate strong, random passwords and store them securely. Your passwords are saved in an encrypted vault that only you can access.

Read more about passwords managers in our blog: World Password Day 2024: Secure Your Digital World with a Password Manager.

They help you with autofill logins. There is no need to memorise passwords, password managers autofill them securely on your devices. They protect you against phishing attempts by only filling in login credentials on legitimate websites. Using a password manager not only enhances security but also makes your life easier.

The message is clear - weak passwords are an open door for hackers. If your password is on NordPass’s list, it’s time to make a change. Creating strong, unique passwords doesn’t have to be difficult. Use our helpful tips and password security best practices and consider a password manager to keep your accounts secure. Take action today. Check your passwords, replace the weak ones, and stay one step ahead of cybercriminals. Safely walk into 2025 with an improved password security.

Join us on the Koofr subbredit. We'd love to hear from you!