Change your password. Don’t give me that, “Oh, I’ll do it later,” malarkey. Update your most important accounts now—and please, for the love of all of your files in the cloud, don’t change it to ‘123456.’
Why not? Well, it’s only the most popular password for both personal and corporate accounts—making it also the easiest for hackers and even AI to crack—according to NordPass. For the last six years, the password management arm of NordVPN has collated data on the most commonly used passwords in a bid to get people to take their own digital security more seriously. Unfortunately, the usual suspects reign supreme.
The NordPass lists are based on data taken from “various publicly available sources, including those on the dark web,” including credentials both exposed by data breaches (like the recent attack on the Internet Archive) or otherwise scooped up by malware. Some of the data included full email addresses, though NordPass assures, “no personal data was acquired or purchased to conduct this study.”
That said, there was enough detail in their data set for NordPass to determine that it pertains to accounts registered across 44 different countries. Naturally, one should be sceptical of any facts or figures coming from a company also trying to sell you something. That said, if you’re genuinely using ‘password’ as your actual password for anything, you need to have a word with yourself as it placed fourth and fifth this year.
We’ve covered NordPass’ yearly list of the 200 most used passwords before, with ‘123456’ taking the top spot in both 2020, 2022, and now once again in 2024. If this is a password you’re currently using for either a personal or corporate account, you should know that NordPass estimates it will take any would-be hacker less than a second to pry their way into your accounts.
Honestly, you’d be better off changing your password to ‘0451,’ and keeping a scrawled post-it nearby as a reminder—partly because no passwords using this fabled combination appear among the top 200.
Among the 20 most used passwords are many variations on the theme of a numberbar glissando (that is, running your finger along the keys in sequence like you’re a swish pianist), and permutations of ‘qwerty’ appear no less than three times. The first surprising appearance is ‘dragon’ at number 20, followed by ‘monkey’ at 21. While a little less straightforward, a hacker would still crack both in no time at all, and no amount of wishing will undo that sort of damage—even with your snazzy replica Dragon Balls.
Anime jokes that are a stretch at best aside, what can one do for better password management with all of these accounts you’re expected to have in this day and age? NordPass’ answer is obvious, but we’ve also broached the subject ourselves with this handy guide.
If you’re still looking for password inspiration, the UK’s National Cyber Security Centre advises that three random words stuck together makes for pretty good passwords—just make sure they’re three actually random words because anyone of a certain age will guess ‘Purple Monkey Dishwasher’ a mile off.
Anyway, because I’m vain, I did also take a look at where my own name ranked on NordPass’ lists; it turns out ‘jessica’ places at 114th for personal passwords and 112th for corporate codes. According to NordPass’ estimations, it’d also take slightly longer for a hacker to crack too—a whole seven seconds! Finally, something to be proud of.