Skip to main content

Digital Trends may earn a commission when you buy through links on our site. Why trust us?

Are you using one of these passwords? If so, it’s time for a change

The most common passwords used in 2021 have been revealed, and to call them an embarrassment would be an understatement to say the least.

According to a new report from NordPass, a service that provides a password manager program, a worrying amount of users still rely on extremely weak passwords.

Passwords locked on Mac.
Image used with permission by copyright holder

The top 200 most common passwords of 2021 study, covering 50 countries, reveals that “123456” remains as the most popular password for the second year running. More than 103 million people use it for log-in purposes, even though it’d take less than a single second to crack it.

Other frequently used passwords within the top 10 list largely consist of number-based passes like “123456789,” which is utilized by 46 million individuals. The only two that don’t contain a numerical form are “qwerty,” and of course, “password.” They’re applied by 22.3 million and 20.9 million users, respectively. 

When it comes to other bad password choices, a “stunning” number of people opted to make their own names as their preferred password. Elsewhere, Ferrari and Porsche are the most popular car brands in regard to weak passwords.

Unfortunately, passwords keep getting weaker, and people still don’t maintain proper password hygiene.

While the vast majority of the top 200 most common passwords can be cracked in less than a second — or a few seconds in some cases — there are some that would take considerably longer to gain access to. “1g2w3e4r” and “gwerty123,” both used by a million people, would take three hours to crack. Interestingly, removing the “123” from “gwerty” makes it a much easier target, as it’ll only take five seconds to crack.

Rounding out the passwords in the list that’ll take between 1-3 hours to penetrate are “michelle,” “jennifer,” “myspace1,” and “zag12wsx.”

NordPass’s methodology for forming its research involved working with independent researchers who specialize in the cybersecurity incident research field. The most common password list was compiled via an evaluation of a 4TB database containing leaked passes.

“Unfortunately, passwords keep getting weaker, and people still don’t maintain proper password hygiene,” Jonas Karklys, CEO of NordPass told Lifewire. “It’s important to understand that passwords are the gateway to our digital lives, and with us spending more and more time online, it’s becoming enormously important to take better care of our cybersecurity.”

Fixing the problem

So, how does one go about adding additional layers of security that will better protect their passwords? It goes without saying that no one should use “123456” as their entry point for any account — or any of the passwords in the aforementioned report for that matter. Password managers have become commonplace and are usually a reliable resort, while two-factor authentication should also be considered as another safety measure.

When factoring in their security deficiencies, passwords, in general, are naturally the most common target for hackers. In fact, 81% of hacking-related breaches are achieved through weak or stolen passwords.

“The single most common security vulnerability today is still bad passwords.”

“Weak passwords are the entry point for the majority of attacks across enterprise and consumer accounts. There are a whopping 579 password attacks every second — that’s 18 billion every year,” Microsoft detailed in September.

Apple, meanwhile, has integrated a newer form of tech into its devices through iCloud Passkey, which effectively gets rid of passwords and offers a more secure process via Public Key Cryptography.

Apple joins both Microsoft and Google in envisioning a future for passwordless authentication. Software giant Microsoft, for one, has already seen more than 200 million users enabling passwordless login for its services.

“The single most common security vulnerability today is still bad passwords,” Jen Fitzpatrick, senior vice president of core systems at Google, stated in May. “Ultimately, we’re on a mission to create a password-free future.”

Zak Islam
Former Digital Trends Contributor
Zak Islam was a freelance writer at Digital Trends covering the latest news in the technology world, particularly the…
Hackers targeted 1Password after Okta breach, but your logins are safe
A dark mystery hand typing on a laptop computer at night.

Security credentials like usernames and passwords are a tempting target for hackers, and even the best password managers can come under threat from time to time. That was the case recently with the popular password manager 1Password, which recently disclosed (via Bleeping Computer) that its Okta support system was breached by malicious hackers.

Fortunately, it doesn’t appear that any customer data was stolen, so if you use 1Password, your login info should be safe for now. However, it’s always good to regularly update your passwords (or use passkeys) just in case they fall into the wrong hands.

Read more
Hackers are using this incredibly sneaky trick to hide malware
A hacker typing on an Apple MacBook laptop, which shows code on its screen.

One of the most important things you can do to protect your online security is install one of the best password managers, but a recent cyberattack proves that you have to be careful even when doing that. Thanks to some sneaky malware hidden in Google Ads, you could end up with viruses riddling your PC.

The issue affects popular password manager KeePass -- or rather, it attempts to impersonate KeePass by using misleading Google Ads. First spotted by Malwarebytes, the nefarious link appears at the top of search results, meaning you’ll likely see it before the legitimate websites that follow beneath it.

Read more
Microsoft admits defeat on its controversial OneDrive change
Microsoft OneDrive files can sync between a PC and a phone

Microsoft has canceled plans to update how photos are stored on OneDrive after heavy criticism from its users.

The changes, which were set to go into place on October 16, would have made it so photos uploaded to your OneDrive account would count toward your data quota for every location they existed in your account, according to Neowin.

Read more