How many times have we been told to choose secure passwords to protect our online accounts? Yet, year after year, data emerges showing how often this simple rule is ignored. A recent study analyzing millions of compromised passwords highlights the most commonly used combinations globally, and the results are nothing short of alarming.
According to an analysis conducted by NordPass, a leading authority in cybersecurity, the most common passwords of 2024 are as predictable as they are dangerous. They include sequences like 123456, password, or qwerty, which remain popular choices for millions of users despite their extreme vulnerability.
Creating a Secure Password Isn’t Difficult
Still, many people continue to opt for simple combinations out of convenience or fear of forgetting them. Sequences of numbers, common words, or obvious keyboard patterns seem like a quick solution but end up being a trap.
Often, the issue is not just negligence but also a lack of awareness of how easy it is for cybercriminals to crack these combinations.
The Most Common Passwords of 2024
Based on the data collected, here are the 10 most common and vulnerable passwords of 2024:
- 123456 – Used by 3,018,050 users.
- 123456789 – Used by 1,625,135 users.
- 12345678 – Used by 884,740 users.
- password – Used by 692,151 users.
- qwerty123 – Used by 642,638 users.
- qwerty1 – Used by 583,630 users.
- 111111 – Used by 459,730 users.
- 12345 – Used by 395,573 users.
- secret – Used by 363,491 users.
- 123123 – Used by 351,576 users.
These numbers clearly show how widespread poor awareness of digital security still is.
Most passwords on this list can be cracked in less than a second due to their predictability and the power of tools used by hackers. Even longer passwords, like 123456789, appear in the password lists attackers work from and can be guessed instantly.
This study underscores the importance of taking online security seriously. A weak password isn’t just a risk for your account but also for your personal data, digital identity, and, in many cases, your professional activities.
How Passwords Are Hacked
Hackers don’t sit at a computer manually typing possible combinations. Instead, they use advanced software to test billions of combinations in seconds.
Here are some of the most common techniques:
- Brute Force Attack: The attacker's software tests every possible combination until the correct one is found. Simple passwords are cracked in under a second.
- Dictionary Attack: Hackers use lists of common passwords, often based on compromised databases. Words like “password” or sequences like “123456” are tested first.
- Credential Stuffing: If hackers obtain the credentials for one account, they try the same username and password on other services where the user may have reused them.
Best Practices for Protecting Your Accounts
The good news is that protecting your accounts isn’t difficult. Here are some essential guidelines:
- Use long and complex passwords: Ideally, they should be 12-16 characters and include uppercase and lowercase letters, numbers, and symbols.
- Avoid common words and predictable sequences: Names, birthdays, or keyboard patterns like “qwerty” should be avoided.
- Don’t reuse the same password for multiple accounts: This limits the damage if one account is compromised.
- Use a password manager: These tools help generate and store secure passwords, eliminating the need to remember them all.
- Enable two-factor authentication (2FA): Even if hackers obtain your password, they still need a secondary code sent to your phone or email to log in.
- Update passwords periodically: Changing sensitive passwords every six months is a good habit.
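An added example, not part of the original article: a sign-up screening check that applies the first two guidelines above, using the article's top-10 list as a small blocklist. The function names, the keyboard rows and the three-of-four character-type threshold are assumptions chosen for illustration.

```python
import re

# The ten most common passwords listed in this article, used as a blocklist.
# A production blocklist would be far larger (assumption).
COMMON = {"123456", "123456789", "12345678", "password", "qwerty123",
          "qwerty1", "111111", "12345", "secret", "123123"}
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
MIN_LENGTH = 12  # lower bound of the 12-16 character guidance above


def is_walk(s):
    """True if s (4+ chars) is a run along a keyboard row, forward or backward."""
    return len(s) >= 4 and any(s in row or s in row[::-1] for row in KEYBOARD_ROWS)


def is_repeat(s):
    """True if s is one short block repeated, e.g. 111111 or 123123."""
    return re.fullmatch(r"(.{1,3})\1+", s) is not None


def screen_password(pw):
    """Return a list of reasons to reject pw; an empty list means it passed."""
    reasons = []
    low = pw.lower()
    base = low.rstrip("0123456789!@#$%.")  # "qwerty2024!" -> "qwerty"
    if len(pw) < MIN_LENGTH:
        reasons.append("too short")
    if low in COMMON or base in COMMON:
        reasons.append("common password")
    if is_walk(low) or is_walk(base):
        reasons.append("keyboard or number sequence")
    if is_repeat(low):
        reasons.append("repeated pattern")
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^a-zA-Z0-9]"]
    if sum(bool(re.search(c, pw)) for c in classes) < 3:
        reasons.append("too few character types")
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs, not real user data.
    for candidate in ["123456", "Password1!", "qwerty2024", "123123", "t7#Lm!vQ9z@wRk2x"]:
        print(candidate, "->", screen_password(candidate) or "ok")
```

Stripping trailing digits and symbols before the blocklist lookup is what catches variants such as "Password1!", which would otherwise satisfy a naive complexity rule.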
Changing your habits is the first step toward a more secure digital future. With a few precautions and a little attention, you can safeguard your online life and significantly reduce the risk of cyberattacks.