If you're using a password on this list, change it now – hackers could break into your account in seconds
GETTY
Stop relying on "123456" and other weak passwords, researchers warn
Passwords protect some of our most personal information from prying eyes, but despite their critical role, millions are still relying on lacklustre combinations to keep their data safe. And when we say "lacklustre", we really mean it.
A list of the most common passwords of 2023 has been published and shockingly "123456" is in first place. The uncreative password was used over 4.5 million times by users online, researchers say, with the word "admin" a close second with 4 million uses worldwide.
Cybersecurity researchers worked with the team at NordPass – the password management software developed by the same minds as NordVPN – to put together the definitive list of the most common passwords of the year.
To do this, they scoured a database of 4.3TB (that's a whopping 4,300,000MB) extracted from a number of high-profile password leaks on the Dark Web to find the passwords that people relied on more than any others. NordPass only received statistical information from the researchers, there was no personal data included in the findings sent to the password management team.
Hackers can break into accounts secured by passwords like "123456" and "admin" in under a second, researchers at NordPass confirmed. If you have any online accounts protected with one of these passwords, then it's time to change to something new – and much more secure.
Numerical sequences crop up throughout the most common password list, with "123456", "12345678", "123456789", and "1234" all making it into the top five. In fact, one-third of the top 10 consists of numbers alone.
Find the complete list of the 10 most common passwords at the bottom of this article.
According to the research, people tend to rely on the weakest passwords for their streaming services, like Netflix, Disney+, and Prime Video, reserving their strongest passwords for online banking.
Commonly used passwords for streamers included the cringe-inducing "Netflix", "netflix123", "disney123", and "disney2020". While researchers found people typically reserved their best passwords for financial accounts, weaker options like "visavisa1" and "paypal123" still crop up in the list.
This is a pattern that comes up time and time again. NordPass found that different platforms influence password habits, with the fourth most common password used to secure accounts on Amazon being (surprise, surprise) "amazon".
Some websites have strict conditions for passwords, forcing account holders to use at least one letter, number, and special characters. These conditions have pushed passwords like "P@ssw0rd" into the top 30 passwords worldwide, but unfortunately, it's done little to make users' data safer. According to NordPass, "P@ssw0rd" can be unlocked by hackers in under one second.
A troubling 70% of the list of most commonly used passwords can be hacked in seconds, researchers say.
Tomas Smalakys, NordPass Chief Technology Officer said: "With the terrifying risks password users encounter, alternative methods in online authentication are now essential.
"Passkey technology, considered the most promising innovation to replace passwords, is successfully paving its way, gaining trust among individuals and progressive companies worldwide. Being among the first password managers to offer this technology, we see people are curious to test new things, as long as this helps eliminate the hassle of passwords."
So, what should you do? NordPass recommends creating a strong password with at least 20 characters and a mixture of upper- and lower-case characters, numbers, and special characters. Personal information that could be easily guessed by those who know you – like birthdays, pet names, and hometowns – should be avoided. Always create a unique password for every online account, NordPass says.
If you're struggling to think of something, using the first letter from each word in a line of poetry, a saying, or a song lyric that you're unlikely to forget can be a great way to quickly generate what appears to be a completely random jumble of characters.
LATEST DEVELOPMENTS
Password managers are also a popular way of securing your online account. These applications generate secure passwords for every account, with these stored in an encrypted safe that can be accessed from any of your devices. To login, most of these applications only require a quick biometric check – facial recognition on the iPhone or a fingerprint scan on Windows PCs and Android.
NordPass is one option available alongside the likes of LastPass and 1Password.
Google and Apple both offer built-in password managers with their most popular products, dubbed Google Password Manager and iCloud Keychain respectively, that generate and store passwords.
Online accounts are increasingly turning to passkeys as a way to let users sign-in to apps and sites the same way they unlock their devices – using a fingerprint, a face, or an on-screen PIN. Unlike passwords, passkeys are resistant to online attacks like phishing, making them more secure than one-time codes sent via SMS. Microsoft, Google, Apple and the FIDO Alliance are working together to bring passkeys to the web as an industry standard.
Although there are high hopes for passkeys, with Google even calling its rollout "the beginning of the end of the password", they're unlikely to eliminate old-fashioned passwords for some time. For the time being, we're still stuck with passwords for a huge number of our online accounts ...as such, it's time to ditch "password123" and think of something a little stronger.