The cybersecurity team behind NordPass – a secure password manager developed by NordVPN – has released a report revealing the 200 most commonly used passwords.
In recent years – but particularly since the pandemic struck – password managers have taken on renewed importance as cyberattacks have skyrocketed.
Choosing a complex enough password, however, only represents the first step to keeping an account and the information inside it safe and secure.
NordPass Reveal Which Passwords Won’t Pass
The report itself, released last week, reveals the 200 most widely used passwords in 2021, all of which would take less than two seconds to crack.
After analyzing around 4 Terabytes of data, NordVPN found that the most commonly used password was ‘123456’, which NordPass’s researchers revealed was used over 130 million times this year.
“Unfortunately, passwords keep getting weaker, and people still don’t maintain proper password hygiene…with us spending more and more time online, it’s becoming enormously important to take better care of our cybersecurity.” – Jonas Karklys, CEO of NordVPN.
Variants such as ‘123456789’ and ‘12345’ came some way behind in second and third place, but were still used a combined total of 70 million times.
Other interesting findings included ‘Monkey’ becoming the most commonly used animal password in the world (unless you count ‘dragon’) and Metallica (88,543) edging Slipknot (75,204) in a ‘battle of the bands’. ‘michael’, on the other hand, was the globe’s most widely-used used first name as a password (and the 66th most common password overall).
Unsurprisingly – and perhaps worryingly – the word ‘password’ itself also made it into the global top five for the second year running, falling from fourth place in NordPass’s 2020 report.
View the top fifty passwords in the US, below.
The US Password Problem
In the US, things are apparently even worse: ‘password’ is in fact the second most commonly used password in the country.
Quintessentially American passwords that made the list in the US included ‘superman’ (34), ‘mustang’ (61), ‘freedom’ (70), and ‘Yankees’ (136), all of which were used by tens of thousands of people.
In the US, Women used the password ‘iloveyou’ over 222,287 times. Men, on the other hand, used it 98,785 times.
Other findings from the States include the fact that the word ‘linkedin’ was used over 142,000 times and was the 56th most popular password. It was, however, comfortably beaten by people paying tribute to a social media site from a different era – ‘myspace1’ was the 28th most popular site.
NordPass’s research also revealed that around 1.7 billion US passwords have been leaked, which works out at roughly five per person.
US vs UK: What the Passwords Tell Us
Few nations like to draw comparisons between one another like the US and UK – and the popularity of certain passwords in the two countries makes for interesting reading.
Whilst ‘basketball’, ‘baseball’ and ‘soccer’ all feature inside the top 100 for the US, specific teams rule the roost in Britain, With ‘liverpool’, ‘arsenal’, ‘chelsea’, ‘manutd’, ‘everton’ and ‘rangers’ all featuring on the UK’s list.
Americans clearly find the process of choosing a password much more infuriating than their transatlantic counterparts – ‘f*ckyou’ is the 30th most popular password in the states, whereas no expletives appear in the UK’s top 50. ‘f*ckyou1’ (81) and ‘f*ckyou2′(152) also made the cut in the US.
Fascinatingly, it’s even possible to see the UK’s significantly more sarcastic approach to humor shining through in the list – the 26th most popular password in Britain this year was simply ‘letmein’, which was used more than 50,000 times by forgetful Brits in typically self-deprecating fashion.
‘Letmein1’, on the other hand, was used a further 15,000-plus times in Britain, whereas ‘changeme’ was the 147th most popular password in the UK this year – in the US, no passwords that suggest users were aware of their terrible security practices made the list.
Protecting Yourself Against Data Breaches
In 2021, protecting yourself against data breaches is vital – hackers now have more tools at their disposal than ever before to aid them in orchestrating attacks on accounts – and techniques like password spraying are on the rise.
Using passwords of at least 12-16 characters is strongly recommended – the longer and more complex a password is, the longer it takes in real-time to crack it. Other golden rules include never using the same password on more than one account.
Another recommended security measure is using a password manager such as NordPass – which is actually one of the best ones currently available.
A recent, emerging view in cybersecurity is to use ‘passphrases’ – full sentences that are longer in terms of the sheer volume of letters, even though they may not use numbers and/or special characters – rather than passwords, something FBI recommended last year.
As a bare minimum, however, make sure you’re not using a password featured on NordPass’s list – and if you do, change it immediately.
Top 50 US Passwords in 2021
| Ranking (US) | Password |
|---|---|
| 1 | 123456 |
| 2 | password |
| 3 | 12345 |
| 4 | 123456789 |
| 5 | password1 |
| 6 | abc123 |
| 7 | 12345678 |
| 8 | qwerty |
| 9 | 111111 |
| 10 | 1234567 |
| 11 | 1234 |
| 12 | iloveyou |
| 13 | sunshine |
| 14 | monkey |
| 15 | 1234567890 |
| 16 | 123123 |
| 17 | princess |
| 18 | baseball |
| 19 | dragon |
| 20 | football |
| 21 | shadow |
| 22 | michael |
| 23 | soccer |
| 24 | unknown |
| 25 | maggie |
| 26 | 000000. |
| 27 | ashley |
| 28 | myspace1 |
| 29 | purple |
| 30 | fuckyou |
| 31 | charlie |
| 32 | jordan |
| 33 | hunter |
| 34 | superman |
| 35 | tigger |
| 36 | michelle |
| 37 | buster |
| 38 | pepper |
| 39 | justin |
| 40 | andrew |
| 41 | harley |
| 42 | matthew |
| 43 | bailey |
| 44 | jennifer |
| 45 | samantha |
| 46 | ginger |
| 47 | anthony |
| 48 | qwerty123 |
| 49 | qwerty1 |
| 50 | peanut |
