The Most Popular Password of 2024 Remains “123456”
For the sixth year in a row, researchers at NordPass have compiled a list of the worst and most common passwords of the year. Unfortunately, 2024 has not brought any significant improvements: people still use “123456” as their password more than any other, and timeless classics like “password” and “qwerty123” remain in the top five.
To create this ranking, experts analyzed a 2.5 TB database collected from various open sources, including those on the dark web (such as passwords stolen by infostealers or leaked due to data breaches). They emphasize that no personal user data was purchased or otherwise obtained in the process.
This year, the researchers also prepared separate statistics for corporate passwords, which are usually stolen along with email addresses. This allows them to distinguish between corporate and personal credentials.
“Once again, ‘123456’ has earned the title of the worldβs worst password,” NordPass experts write. “In fact, over the six years of our research, it has topped the list and been recognized as the most common password five times out of six. The password ‘password’ only received this dubious honor once.”
Top 10 Worst Passwords of 2024
- 123456
- admin
- 12345678
- 123456789
- 1234
- 12345
- password
- 123
- Aa123456
- 1234567890
As shown in the list above, the password “123456” was used over 3 million times, and it takes less than a second to crack. Other passwords in the top 10, such as “password,” “secret,” and “qwerty123,” are similarly “secure.”
Unfortunately, the situation in the corporate sector is almost no different and looks just as bleak. “People tend to rely on the same weak passwords in both their personal and professional lives,” the researchers explain.
Most Common Corporate Passwords
- 123456
- password
- 12345
- 12345678
- qwerty
Experts remind users that strong passwords should be at least 20 characters long and should not contain easily guessable information (such as birthdays, names, or simple words). You should also avoid reusing the same passwords across different websites and services.