123456 is the most popular password, according to the 2021 research by NordPass. Moreover, it is the top password in 43 countries out of the 50 analyzed and is also the most popular worldwide.
This year, the research published by NordPass features not only the top 200 passwords globally but also covers the top 200 passwords of 50 different countries. Readers can also explore the most common passwords among different genders in all the researched countries.
These are the top 20 most common passwords globally:
Trends and differences among countries and genders.
Overall, similar trends were observed all over the world.
1. Easy number combinations, such as the winning “123456”, are popular everywhere in the world. In fact, “123456” was the most popular password in 43 countries out of the 50 analysed. The top passwords in the remaining seven countries were not that different: in India, the top password was the word “password”, Indonesia — “12345”, Japan — “password”, Portugal — “12345”, Spain — “12345”, Thailand — “12345”, Ukraine — “qwerty”.
2. “Qwerty” and the variations of it or the localised versions of “qwerty” (for example, “azerty” in French-speaking countries) are also popular in all the analysed countries.
3. People use loving words everywhere, such as “iloveyou” and its localised versions (“ichliebedich”, “tequiero” and so on), as well as “sunshine” or “soleil”, which means “sun” in French, “princess” or “corazon”, which means “heart” in Spanish and is often used in direct address as a term of endearment.
4. This research also shows that people tend to use their own names as their passwords, as female names mostly dominate the women’s lists, and male ones dominate men’s.
5. Entertainment and popular culture also plays a big part in people’s passwords. The passwords “naruto”, “pokemon”, “kalleanka” (Donald Duck in Swedish) are just a few cartoon characters that made it on the list. When it comes to music, various bands and artists also made the list, including “blink-182” and “eminem”. Interestingly, “metallica” and “slipknot” were quite popular passwords among men, appearing on men’s lists in several countries. They were not so popular among women, who lean towards different music styles and use “justinbieber”, “onedirection”, and “tokiohotel” as passwords more often.
6. Sports, especially football, were perhaps the most dominant on the lists. In almost all the countries, people often use local football teams as passwords. For example, “colocolo” in Chile, “nacional” in Brazil, “sparta” in the Czech Republic, “marseille” in France, “schalke04” in Germany, “olympiakos” in Greece, and many more. The United Kingdom’s password list contained almost all the Premier League teams, with “liverpool” and “arsenal” in the lead. It’s also worth noting that football-related passwords were more common among men.
Passwords are getting weaker
The NordPass research also illustrates how weak the top passwords are by indicating the time it would take a hacker to crack that password. While the “Time to crack” measure is indicative and depends on various technological aspects, it’s a good reference point that shows how poor these passwords are.
Overall, in the global list, 169 passwords out of the 200 can be cracked in less than a second. That’s 84.5%, whereas last year the passwords seemed a bit stronger — 73% of the passwords could be cracked in less than a second.
“Unfortunately, passwords keep getting weaker, and people still don’t maintain proper password hygiene,” says Jonas Karklys, CEO of NordPass. “It’s important to understand that passwords are the gateway to our digital lives, and with us spending more and more time online, it’s becoming enormously important to take better care of our cybersecurity.”
“The purpose of this research is to showcase that poor passwords are still a very big problem worldwide, but there are some simple steps you can take to prevent your password from appearing on the list next year,” Jonas Karklys, CEO of NordPass.
Found your password on the “most popular” list?
Jonas Karklys, CEO of NordPass, advises taking a few simple steps in order to improve your password hygiene.
1. If you found your password on the list, make sure to change it to a unique and strong one. Ideally, use a password generator online or in your password manager app to create a truly complex password.
2. Store your passwords in a password manager. Nowadays, an average person has around 100 accounts, so it would be impossible to remember all the passwords if they are indeed unique and complex. Password managers are a great solution for that, but make sure to use a trustworthy, reliable, and, ideally, third-party audited provider.
3. Use multi-factor authentication. Whether it’s biometric authentication, a phone message, or physical key, it’s always a good idea to add an extra security layer on top of your password.
The list of passwords was compiled in partnership with independent researchers specialising in research of cybersecurity incidents. They evaluated a 4TB-sized database. Researchers classified the data into various verticals, which allowed them to perform a statistical analysis based on countries and gender.
With regard to the gender vertical, the researched data was classified by gender only if it included a gender key. If the breached data didn’t contain the data key, it was classified as“unknown”.