Embarrassing Report Finds ‘Password’ is the Second Most-Used Password in the US

A report by NordPass shows just how poor US cybersecurity is, as the top 200 passwords can be cracked in under one second.

The cybersecurity team behind NordPass – a secure password manager developed by NordVPN – has released a report revealing the 200 most commonly used passwords. 

In recent years – but particularly since the pandemic struck – password managers have taken on renewed importance as cyberattacks have skyrocketed. 

Choosing a complex enough password, however, only represents the first step to keeping an account and the information inside it safe and secure.

NordPass Reveal Which Passwords Won’t Pass

The report itself, released last week, reveals the 200 most widely used passwords in 2021, all of which would take less than two seconds to crack. 

After analyzing around 4 Terabytes of data, NordVPN found that the most commonly used password was ‘123456’, which NordPass’s researchers revealed was used over 130 million times this year. 

“Unfortunately, passwords keep getting weaker, and people still don’t maintain proper password hygiene…with us spending more and more time online, it’s becoming enormously important to take better care of our cybersecurity.” – Jonas Karklys, CEO of NordVPN.

Variants such as ‘123456789’ and ‘12345’ came some way behind in second and third place, but were still used a combined total of 70 million times. 

Other interesting findings included ‘Monkey’ becoming the most commonly used animal password in the world (unless you count ‘dragon’) and Metallica (88,543) edging Slipknot (75,204) in a ‘battle of the bands’. ‘michael’, on the other hand, was the globe’s most widely-used used first name as a password (and the 66th most common password overall). 

Unsurprisingly – and perhaps worryingly – the word ‘password’ itself also made it into the global top five for the second year running, falling from fourth place in NordPass’s 2020 report. 

View the top fifty passwords in the US, below.

The US Password Problem

In the US, things are apparently even worse: ‘password’ is in fact the second most commonly used password in the country. 

Quintessentially American passwords that made the list in the US included ‘superman’ (34), ‘mustang’ (61),  ‘freedom’ (70), and ‘Yankees’ (136), all of which were used by tens of thousands of people. 

In the US, Women used the password ‘iloveyou’ over 222,287 times. Men, on the other hand, used it 98,785 times.

Other findings from the States include the fact that the word ‘linkedin’ was used over 142,000 times and was the 56th most popular password. It was, however, comfortably beaten by people paying tribute to a social media site from a different era – ‘myspace1’ was the 28th most popular site.

NordPass’s research also revealed that around 1.7 billion US passwords have been leaked, which works out at roughly five per person. 

US vs UK: What the Passwords Tell Us

Few nations like to draw comparisons between one another like the US and UK – and the popularity of certain passwords in the two countries makes for interesting reading.

Whilst ‘basketball’, ‘baseball’ and ‘soccer’ all feature inside the top 100 for the US, specific teams rule the roost in Britain, With ‘liverpool’, ‘arsenal’, ‘chelsea’, ‘manutd’, ‘everton’ and ‘rangers’ all featuring on the UK’s list.

Americans clearly find the process of choosing a password much more infuriating than their transatlantic counterparts – ‘f*ckyou’ is the 30th most popular password in the states, whereas no expletives appear in the UK’s top 50. ‘f*ckyou1’ (81) and ‘f*ckyou2′(152) also made the cut in the US.

Fascinatingly, it’s even possible to see the UK’s significantly more sarcastic approach to humor shining through in the list – the 26th most popular password in Britain this year was simply ‘letmein’, which was used more than 50,000 times by forgetful Brits in typically self-deprecating fashion.

‘Letmein1’, on the other hand, was used a further 15,000-plus times in Britain, whereas ‘changeme’ was the 147th most popular password in the UK this year – in the US, no passwords that suggest users were aware of their terrible security practices made the list.

Protecting Yourself Against Data Breaches

In 2021, protecting yourself against data breaches is vital – hackers now have more tools at their disposal than ever before to aid them in orchestrating attacks on accounts – and techniques like password spraying are on the rise.

Using passwords of at least 12-16 characters is strongly recommended – the longer and more complex a password is, the longer it takes in real-time to crack it. Other golden rules include never using the same password on more than one account.

Another recommended security measure is using a password manager such as NordPass – which is actually one of the best ones currently available. 

A recent, emerging view in cybersecurity is to use ‘passphrases’ – full sentences that are longer in terms of the sheer volume of letters, even though they may not use numbers and/or special characters – rather than passwords, something FBI recommended last year.

As a bare minimum, however, make sure you’re not using a password featured on NordPass’s list – and if you do, change it immediately.

Top 50 US Passwords in 2021

Ranking (US)Password
1123456
2password
312345
4123456789
5password1
6abc123
712345678
8qwerty
9111111
101234567
111234
12iloveyou
13sunshine
14monkey
151234567890
16123123
17princess
18baseball
19dragon
20football
21shadow
22michael
23soccer
24unknown
25maggie
26000000.
27ashley
28myspace1
29purple
30fuckyou
31charlie
32jordan
33hunter
34superman
35tigger
36michelle
37buster
38pepper
39justin
40andrew
41harley
42matthew
43bailey
44jennifer
45samantha
46ginger
47anthony
48qwerty123
49qwerty1
50peanut
Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at contact@tech.co

Written by:
Aaron Drapkin is Tech.co's Content Manager. He has been researching and writing about technology, politics, and society in print and online publications since graduating with a Philosophy degree from the University of Bristol six years ago. Aaron's focus areas include VPNs, cybersecurity, AI and project management software. He has been quoted in the Daily Mirror, Daily Express, The Daily Mail, Computer Weekly, Cybernews, Lifewire, HR News and the Silicon Republic speaking on various privacy and cybersecurity issues, and has articles published in Wired, Vice, Metro, ProPrivacy, The Week, and Politics.co.uk covering a wide range of topics.
Explore More See all news
Back to top
close Thinking about your online privacy? NordVPN is Tech.co's top-rated VPN service See Deals