NordPass recently published its annual list of the top 200 most common passwords in the world, and the top 10 are all very predictable.
The official most common password used in 2023 is:
“123456”
“123456” retook the top spot after the classic “password” knocked it off last year. “password” has fallen to 7th this year, largely being overtaken by other simple number sequences of varying lengths. Worryingly, according to NordPass, all of the top 10 most common passwords this year can be cracked in under a second.
Here’s the full top 10:
The fact that “admin” is on this list is particularly interesting, as it is a new entry in the list. Many user accounts are set up with default logins and passwords, and “admin” is a very common choice, especially for higher-level accounts. It’s frightening that so many accounts with significant access to their organisation’s data are being so reckless with their password strategy.
Neglecting to update your password from the default choices exposes your account to potential breaches. Default passwords are often very simple, providing hackers with an easy point of entry. This aspect is integral to the Cyber Essentials certification, a comprehensive set of requirements that organisations can implement for protection against fundamental cyber threats, which can account for up to 80% of potential attacks.
NordPass trawled through 4.3TB of data from 35 countries to compile this list alongside independent researchers, and there are some interesting quirks to notice if you trawl through the stats. For example, passwords seem to have taken on a slightly potty-mouthed trend this year. In Germany, the eighth most common password is “sheisspasswort”, which roughly translates to “s**t password”. In the US, “s**tbird” was the 16th most popular password, except without the asterisks. No, we don’t know why either.
In the UK, fans of Liverpool, Arsenal and Chelsea have pushed their teams up the password league table and into the top 10, but they have made their accounts significantly weaker by doing so.
Here’s the full top 10 for the UK:
What if my password is on the list?
If some of your passwords are on the list, we recommend that you change them as soon as possible. The same-old lessons about password strength still hold true today. Always try to make them longer, more complex, and never reuse a password for different accounts. However, the strongest password strategy means you only have to create and remember a single password yourself.
Password managers like NordPass and LastPass are currently the best way to secure your accounts and steer clear of the pitfalls in these lists. These tools can generate lengthy, intricate, and randomised passwords that would take decades for a computer to crack. They securely store these passwords for you, eliminating the need to memorise or reuse any passwords. The only password you need to create manually is for your password manager account. However, this password has to be very strong to avoid any leaks.
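The checks this advice implies, as an added example that is not from the article or from NordPass: it screens a candidate password against a blocklist (a constructed sample holding only the passwords quoted above), flags simple number sequences and passwords equal to the username, and generates a random replacement. The function names and the 12-character minimum are assumptions.

```python
import secrets
import string

# Constructed sample blocklist: only the entries quoted in the article.
# A real deployment would load the full published list instead.
BLOCKLIST = {"123456", "password", "admin", "sheisspasswort"}
MIN_LENGTH = 12  # assumed minimum, not a figure from the article
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def is_digit_run(pw: str) -> bool:
    """True for an all-digit string that repeats one digit or steps by
    +1/-1 (9 wraps to 0), e.g. 123456, 1234567890, 111111, 987654."""
    if len(pw) < 2 or not (pw.isascii() and pw.isdigit()):
        return False
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pw, pw[1:])}
    return steps in ({0}, {1}, {9})


def screen(password: str, username: str = "") -> list[str]:
    """Return the reasons to reject a candidate (empty list = accepted)."""
    reasons = []
    folded = password.casefold()  # "Admin" and "ADMIN" count as "admin"
    if folded in BLOCKLIST:
        reasons.append("on common-password list")
    if is_digit_run(password):
        reasons.append("simple number sequence")
    if username and folded == username.casefold():
        reasons.append("same as username (typical default login)")
    if len(password) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    return reasons


def generate(length: int = 24) -> str:
    """Random password from the OS CSPRNG, as a password manager would make."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = "".join(CLASSES)
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        # Retry until every character class is present and screen() passes.
        if all(any(c in cls for c in pw) for cls in CLASSES) and not screen(pw):
            return pw
```
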
A robust password strategy and awareness of the dangers of poor password management are vital for your cybersecurity, boosting both personal and organisational security. In a business context, having a good strategy sets you on the path to achieving the Cyber Essentials certification. For a deeper understanding of Cyber Essentials and how it can fortify your business, reach out to the OmniCyber Security team today.