Are you still using “chocolate,” “naruto,” or “monkey” for your passwords? You really need to stop. All three are among the most commonly used passwords, putting your accounts at risk of hacking, according to new data from NordPass.
The password manager’s sixth annual list of the top 200 most commonly used passwords is pulled from a 2.5TB dataset of stolen logins taken from various sources, including the dark web, where cybercriminals often lurk and sell looted information.
PCMag-Recommended Password Managers
“We analyzed passwords stolen by malware or exposed in data leaks,” the company says.
The most used password worldwide is an old favorite—”123456″—which was also No. 1 last year.
(Credit: NordPass)
In the US, “123456” comes in second behind “secret,” though “123456” still takes the top spot for the most commonly used corporate password. “Password” is the third most popular code.
(Credit: NordPass)
“After analyzing 6 years’ worth of data, we can say there hasn’t been much improvement in people’s password habits,” NordPass says. “So, despite many organizations’ efforts to spread awareness, the problem is still as prevalent as ever.”
Although simple passwords are convenient, they’re also extremely easy for hackers to guess. Cybercriminals also use automated software to quickly “crack” a user’s login.
Recommended by Our Editors
NordPass notes that “78% of the world’s most common passwords can be cracked in less than a second, which yet again reminds us to avoid popular words or keyword combinations in passwords.” Other commonly used passwords on the list—like “family,” “matthew,” or “Indya123” —can be cracked in less than 20 minutes.
The findings are a reminder to use complex passwords for your logins and multi-factor authentication to prevent hackers from breaking into your accounts. Naturally, a password manager can help you store such complex passwords. But in some cases, users can also ditch traditional passwords entirely. In recent years, more websites and apps have been rolling out support for passkeys, which use cryptography keys generated by your device to unlock the access, similar to the fingerprint/facial unlock on today’s smartphones.
Sites including Google, Amazon, and Apple have all adopted passkeys. For more information on using passkeys, check out our explainer.
Like What You’re Reading?
Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.
About Michael Kan
Senior Reporter
