The Most Commonly Used Password is… “Password”

According to NordPass “guest” topped the charts for US users, with “password” and “123456” trailing close behind.

Combining poor cybersecurity practices with unoriginality, “password” has officially become the most commonly used password globally, despite the fact it takes less than a second to be cracked, according to a recent report published by the VPN provider, NordPass.

In the US, while weak passwords such as “password” and “12345” also made the top three, our cyber due diligence remains slightly stronger than the global average, with “guest” — a password that takes ten seconds to crack — sitting at the top spot.

However, despite minor improvements from 2021, due in part to the growing adaptation of tools like password managers, the results of this survey reveal that we still have a lot to learn about password security. Read on to see how your password compares to the world’s most commonly used codes.

Which Passwords Are We Using the Most?

A year has passed since NordPass revealed that “123456” was the most commonly used password of 2021, and it seems like we still have a lot to learn.

After researching the password habits of individuals in over 30 countries, a new survey by NordPass reveals that “password” has overtaken last year’s victor, with the code being used by almost 5 million users globally. “123456” and “123456789” currently sit in the second and third positions, with the codes being used 1,523,537 and 413,056 times respectively.

Other notable mentions include “iloveyou” which ranked in 43rd place and “football” at number 73. Also, just like in NordPass’s previous research, pop culture was shown to massively influence the prevalence of certain passcodes, with the codes “batman”, “euphoria” and “encanto” witnessing a surge of use over the past year.

Fortunately, password habits within the US seem to be slightly more secure than the global average, with the harder-to-crack password “guest” being our most commonly used code, with a user count of 127,861. Other stronger passwords include “unknown” at number 14, which takes an average of 17 minutes to crack, and “g_czechout” which, impressively, takes 12 days to crack.

Poor Passwords Can Have Costly Consequences

We get it, creating and remembering long, complex passwords can be a pain. However, the events of recent years have shown the alternative to using a strong code can be much, much worse.

Weak passwords continue to be the first port of call for cybercriminals looking to gain access to accounts, with over 80% of US cyber attacks resulting from poor password negligence. And as individuals and businesses continue to use inadequate forms of protection, password attacks are only on the rise – with 921 instances taking place each second according to research from Microsoft.

NordPass 2022 Fun Password Stats

Some of these instances are very high profile, too. In September the databases of InterContinental Hotels, the US hotel chain home to major names like Crowne Plaza and Holiday Inn, were hacked by a Vietnamese couple using the password “Qwerty1234”. Fortunately for the chain, the criminals’ ransomware attempts were not successful, but they did resort to wiping the company’s hard drive instead.

In a similar instance and around the same time, the US business and media publication FastCompany fell victim to a password attack. Hackers were able to breach the system, using the generic password “pizza123” before modifying articles to include offensive content.

In the long run, getting rid of passwords might be the best solution. Until then, there are just a few steps you need to take to avoid the same fate as these companies.

How to Upgrade Your Password Security

Tedious as it may be, vamping up your password security is pretty straightforward. According to NordPass, using a long and complex password containing at least 12 characters and a variety of cases, letters, numbers, and symbols is the most effective way to bolster your first line of defense.

NordPass also recommends coming up with a unique password for each account, checking which accounts you aren’t able to access, and assessing the strengths of your passwords on an ongoing basis.

Maintaining good password health doesn’t need to be a headache — by using a password manager, you’re able to generate strong, uncrackable passwords automatically and save them all in one easy-to-access location. Check out our guide to the best password managers to find a solution that works for your business.

0 out of 0
Local Storage Option
Two-Factor Authentication
Failsafe Function
Password Generator Function
A password manager can create secure, complex passwords for you. You won't need to remember them yourself.
Help Instructions
Email Support
Live Chat Support
Phone Support
Business Plan?
Business Price
Cheapest available business plan
Click to Try




Sticky Password





$19.95/10 users




Try 1Password Try NordPass Try LastPass Try Dashlane Sticky Password
Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at

Written by:
Isobel O'Sullivan (BSc) is a senior writer at with over four years of experience covering business and technology news. Since studying Digital Anthropology at University College London (UCL), she’s been a regular contributor to Market Finance’s blog and has also worked as a freelance tech researcher. Isobel’s always up to date with the topics in employment and data security and has a specialist focus on POS and VoIP systems.
Explore More See all news
Back to top
close Thinking about your online privacy? NordVPN is's top-rated VPN service See Deals