Is Your Password on This “100 Common” List? Find Out Now!

Most Common Passwords.jpg

If you’re using any of these passwords, it’s time to change ’em up ASAP!

In my last article about password safety, I exposed 20 most common blunders but today, we’re taking a step further by unveiling the most common passwords.

Look, we’ve all been there. You need to create a password for yet another online account and your mind just blanks.

It’s tempting to go with something easy to remember like “123456” or “password“.

But resist that urge! Those kinds of passwords are an open invitation to hackers.

To drive home the point, here are the 100 worst passwords you could possibly choose.

I’m talking the most common, easily guessed, downright terrible passwords that you should avoid like the plague.

Ready? Let’s dive in!

The Hall of Shame: Top 10 Most Common Passwords

  1. 123456
  2. 123456789
  3. qwerty
  4. password
  5. 111111
  6. 12345678
  7. abc123
  8. 1234567
  9. password1
  10. 12345

Yikes! If any of your passwords are on this list, change them immediately! These are the first ones hackers will guess.

But the problems don’t stop there. Other common (read: terrible) passwords include:

  • Birthdays and years (e.g. Johan1990)
  • Default passwords (e.g. admin, guest)
  • Common names (e.g. michael, jennifer)
  • Simple keyboard patterns (e.g. qazwsx, 1q2w3e)
  • Favorite sports, teams and athletes
  • Pop culture references and fictional characters

Hackers have tools that can rapidly guess thousands of these common passwords. If yours is on the list, your account could be compromised in seconds. Scary stuff!

So, without further ado, here are the 100 most frequently used passwords, along with why they’re so awful:

100 Most Common Passwords

Password Why It’s Terrible
123456 Sequential numbers are easy to guess
123456789 Adding more sequential numbers doesn’t help
qwerty Keyboard pattern is a common hacker target
password The most obvious password choice
111111 Repeating numbers are a no-go
12345678 More sequential numbers, still terrible
abc123 Mixing alphabet and numbers is not enough
1234567 Yet another sequential number password
password1 Adding a “1” doesn’t make it secure
12345 Even shorter sequential numbers are worse
1234567890 The longer the sequence, the easier to guess
123123 Repeating a short sequence is not clever
000000 All zeros? Really?
iloveyou Too common and easy to guess
1234 Very short sequences are a hacker’s dream
1q2w3e4r5t Keyboard patterns are not secure
qwertyuiop Another keyboard pattern that’s easily guessed
123 Incredibly short and easy to crack
monkey Using a common word is not safe
dragon Another common word that’s easily guessed
123456a Adding a letter to a sequence doesn’t help much
654321 Reverse sequential numbers are still bad
123321 Palindromic sequences are not secure
666666 Repeating a short number sequence is terrible
1qaz2wsx Keyboard patterns strike again
myspace1 Using a website name with a number is not smart
121212 Repeating pairs of numbers is easily guessed
123qwe Mixing numbers and a short keyboard pattern is bad
a123456 Starting with a letter followed by numbers is common
123abc Mixing numbers and alphabet is still not enough
1q2w3e4r Another keyboard pattern that’s easily cracked
qwe123 Short keyboard pattern with numbers is not secure
7777777 Repeating the same number is a terrible idea
qwerty123 Keyboard pattern with numbers is still bad
target123 Using a common word with numbers is not safe
tinkle Using a silly word doesn’t make it secure
987654321 Reverse sequential numbers are just as bad
qwerty1 Adding a “1” to a keyboard pattern doesn’t help
222222 Repeating the same number is never good
zxcvbnm Another keyboard pattern that’s easily guessed
1g2w3e4r Slight variation on a keyboard pattern is still bad
gwerty Misspelling a keyboard pattern doesn’t make it secure
zag12wsx Keyboard pattern with slight variation is terrible
gwerty123 Misspelled keyboard pattern with numbers is bad
555555 Repeating the same number is always a bad idea
fu**you Using a swear word is not clever or secure
112233 Sequential pairs of numbers are easily guessed
asdfghjkl Yet another keyboard pattern that’s not secure
1q2w3e Short keyboard pattern is a hacker’s dream
123123123 Repeating a short sequence is terrible
qazwsx Another keyboard pattern that’s easily cracked
computer Using a common word is never a good idea
princess Another common word that’s easily guessed
12345a Adding a letter to sequential numbers doesn’t help
ashley Using a common name is not secure
159753 Random-looking numbers are still not safe
michael Another common name that’s easily guessed
football Using a popular sport is a bad idea
sunshine Common words are not secure, no matter how nice
1234qwer Mixing sequential numbers and a keyboard pattern is bad
iloveyou1 Adding a “1” to a common phrase doesn’t help
aaaaaa Repeating the same letter is incredibly easy to guess
fuckyou1 Adding a “1” to a swear word doesn’t make it better
789456123 Sequential numbers in a different order are still bad
daniel Another common name that’s not secure
777777 Repeating the same number is never a good idea
princess1 Adding a “1” to a common word doesn’t make it safe
123654 Sequential numbers in a different order are still bad
11111 Repeating the same number is always terrible
asdfgh A short keyboard pattern is not secure
999999 Repeating the same number is a hacker’s dream
11111111 Longer repeating numbers are still terrible
passer2009 Using a common word with a year is not safe
888888 Repeating the same number is never good
love Using a common word is not secure
abcd1234 Mixing alphabet and sequential numbers is bad
shadow Another common word that’s easily guessed
football1 Adding a “1” to a popular sport doesn’t help
love123 Mixing a common word with numbers is not safe
superman Using a superhero name is not secure
jordan23 Using a celebrity name with numbers is bad
jessica Another common name that’s easily guessed
monkey1 Adding a “1” to a common word doesn’t make it better
12qwaszx Keyboard pattern with slight variation is terrible
a12345 Starting with a letter followed by sequential numbers is bad
baseball Another popular sport that’s not secure
123456789a Adding a letter to sequential numbers doesn’t help much
killer Using a threatening word is not clever or secure
asdf A very short keyboard pattern is incredibly easy to guess
samsung Using a brand name is not a good idea
master Another common word that’s easily guessed
azerty A different keyboard layout pattern is still not secure
charlie Another common name that’s easily cracked
asd123 Mixing a short keyboard pattern with numbers is bad
soccer Yet another popular sport that’s not secure
FQRG7CS493 Even a random-looking combination can be guessed
88888888 Repeating the same number is never a good idea
jordan Another celebrity name that’s easily guessed
michael1 Adding a “1” to a common name doesn’t make it safe

Whew! What a list. I don’t know whether to laugh or cry. But using weak passwords is no laughing matter.

Why It Matters

Now, you might be thinking, “Who cares if my password is weak? I’ve got nothing to hide!” Well, think again. Weak passwords make it easy for hackers to:

  • Steal your identity
  • Access your email and social media accounts
  • Make purchases with your saved payment info
  • Gain a foothold to infiltrate your employer’s network
  • Lock you out of your own accounts!

According to the Verizon Data Breach Investigations Report, 81% of hacking-related breaches leveraged either stolen and/or weak passwords.

Moreover, the Cost of a Data Breach Report by IBM Security found that the global average cost of a data breach reached $4.45 million in 2023, a 2.3% increase from 2022.

Global Average

Trust me, you don’t want to learn this the hard way. Taking a few minutes now to strengthen your passwords can save you from major headaches (and heartaches) down the road.

Common Hacking Techniques

So, how exactly do hackers exploit weak passwords? Let’s look at a few common techniques:

  1. Dictionary Attacks: Just like it sounds, hackers use software that rapidly tries every word in the dictionary (plus common variations) as your password. If your password is a simple word or phrase, it’s toast.
  2. Password Spraying: Hackers take a list of super common passwords (like the ones above) and “spray” them at hundreds or thousands of accounts, hoping to get lucky. It’s a numbers game, and weak passwords make it easy to win.
  3. Credential Stuffing: Remember all those big data breaches you’ve heard about? (More on those in a sec.) Well, hackers take huge lists of leaked usernames and passwords and try them on other sites, betting that people reuse passwords. Spoiler alert: they do.
  4. Social Engineering: Sometimes, hackers don’t even need to guess. They might send you a phishing email, posing as your bank or a coworker, tricking you into revealing your password. Or they might scour your social media for clues (birthdays, pet names, etc.) to guess your password.

Scared yet? Don’t be. Just be smart with your passwords!

Lessons from Data Breaches

You’ve probably heard about major data breaches at companies like Yahoo, LinkedIn, Adobe, and others. Millions of usernames and passwords, suddenly out in the open. Yikes.

  • The Yahoo data breach, which occurred in 2013-2014 and was disclosed in 2016, impacted 3 billion user accounts
  • The First American Corporation data leak in 2019 exposed approximately 885 million sensitive records, including Social Security numbers, driver’s license images, and bank account details.
  • In the 2012 LinkedIn data breach, 117 million user passwords were compromised and later resurfaced on the dark web in 2016.

But these breaches are a goldmine for hackers and a hard lesson for the rest of us.

Security researchers analyze these password dumps and find the same weak, overused passwords popping up again and again.

Websites like Have I Been Pwned and Dehashed let you check if your info has been compromised in a known breach.

have i been pawned

Trust me, it’s worth a look. (And if you find your password on one of these sites, change it EVERYWHERE you’ve used it!)

Crafting Strong Passwords

Here’s the deal everyone – you’re the first line of defense in protecting your own information online.

So PLEASE, for the love of all things cyber, use strong, unique passwords!

So, what makes a password strong? A good password should be:

  • Mix it up: Use a blend of uppercase, lowercase, numbers, and symbols.
  • Go long: 12 characters minimum. 20+ is even better! The National Institute of Standards and Technology (NIST) recommends using passwords that are at least 8 characters long, and up to 64 characters long
  • Stay random: Avoid dictionary words, personal info, or anything guessable.
  • Different sites, different passwords: NEVER reuse! Every account needs its own.
  • Enable two-factor authentication: That second layer of security can be a lifesaver.
  • Consider a password manager: Securely store and generate strong passwords for you. A survey by Security.org found that only 34% of Americans use a password manage.

One great technique is to use a passphrase – a string of 4+ random words.

Passphrases are long enough to be secure but much easier to remember than a gibberish mix of characters.

Here’s my personal favorite way to make a strong password – a method I’ve been using for years:

Take a phrase you’ll remember, like “I love to read Binod’s PC tips!”, and turn it into an acronym with some numbers and symbols mixed in, like this:

ILtRB’sT#t20!

It’s long, complex, and easy to remember.

But wait, we can make it even stronger! Let’s kick it up a notch by adding a few more symbols and swapping out some letters for numbers:

!Lt8B’$PCt!p$20*

Now we’ve got a password that’s practically uncrackable! Here’s why:

  1. It’s even longer – 17 characters is a hacker’s nightmare.
  2. We’ve added more symbols and numbers, making it extra complex.
  3. By swapping out some letters for visually similar numbers (like “B” for “8”), we’ve made it harder for password cracking algorithms to guess.
  4. But it’s still based on a memorable phrase, so you won’t forget it.

I’ve been using this method for years, and it’s never let me down. My passwords are always strong, unique, and easy for me to remember (but not for anyone else to guess!).

Of course, you don’t have to go quite this crazy with your passwords (though if you want to, go for it!).

The key is to start with a unique, personal phrase and mix in some complexity.

However, even with a password this strong, I still recommend using a password manager for maximum security.

Password managers can generate super-complex passwords for each of your accounts and store them securely, so you don’t have to remember them all.

Password Generator

All you have to remember is one “master password” to unlock the vault.

I was a LastPass user for a long time, but recently switched to the self-hosted version of Bitwarden.

I love that it gives me total control over my password vault and lets me access my passwords from anywhere, on any device.

How We Collected the Most Common Passwords

To compile this list of the 100 most common passwords, we scoured data breach records, security surveys, and public password dumps.

Time and time again, the same terrible passwords showed up among millions of exposed credentials.

The “Have I Been Pwned” website, maintained by cybersecurity expert Troy Hunt, has collected over 13 billion compromised accounts from various data breaches.

But here’s the scary part – if your password is on this list, it’s not just common… it’s compromised.

Hackers have huge lists of these common passwords and can crack accounts using them in minutes.

Found This Helpful?

Did you find any of your passwords on the “100 worst” list? (No need to tell me which ones! )

If you spot any of your passwords here, change them immediately. And spread the word to your friends and family.

Did you find this password security guide useful? I’d love to hear your thoughts!

What was the most eye-opening part for you? Is there anything you’d like me to explain in more detail?

Your feedback helps me create better content to keep you and your accounts safe.

So don’t be shy – hit me with your questions, comments, and suggestions below!