2021 Report: Are We Still Lazy With Our Passwords?

At NordPass, we have this little tradition. Each year, we join forces with researchers specializing in data breach analysis and compile a list of the Top 200 Most Common Passwords. We do that in the hope of making a positive change to password hygiene — after all, passwords are our first line of defense.

And when we talk about the need to improve our password security habits, we don’t ask for much. The benchmark is pretty low. But it seems that we still have a long way to go. Once again,?123456?enjoys the number one spot on the list.

Before you jump in and explore the complete list, here’s a quick overview of the Top 200 Most Common Passwords of 2021.

This year’s list: a more comprehensive look

Just like last year and the year before, NordPass joined forces with an independent third-party team specializing in data breach research to compile the list. The team thoroughly analyzed a 4TB database of publicly available cybersecurity incidents.

Last year's list provided a look at the Top 200 Most Common Passwords globally. This year, we decided to take a more comprehensive approach. That’s why this year’s list, alongside a global overview, also provides a thorough look at the top 200 passwords of 50 different countries. This enables us to see certain password security trends across the globe. But that is not all. We also sorted the passwords by gender, which means we can have a clearer view of possible differences.

Global and local trends

In this world nothing can be said to be certain, except death, taxes, and people using 123456 as their password. Unfortunately, we have the infamous six-digit sequence ranking at the top of the global list once again. In fact,?123456?ranked number one in 43 of the 50 countries that we analyzed. And let’s not forget classics such as qwerty, password, password123, and 1q2w3e?as they still remain among the 20 most common passwords.

Plenty of other weak passwords are at the top of the password hall of shame, including 111111,?123123,?Iloveyou, and an upgraded version of the reigning champion,?123456789.

The analysis also revealed that people are quite fond of using their own names as passwords. Female names mostly dominate the women’s lists, and male ones men’s. However, the research uncovered a few interesting and rather peculiar password choices. Just look at the infographic below.

Sports and entertainment are other areas that people look for inspiration for their passwords. Passwords such as pokemon,?naruto, eminem, metallica, onedirection, liverpool, arsenal, and?sparta?were quite popular yet poor choices. However, this is nothing new. Over the summer, we saw a spike in?passwords inspired by the Tokyo 2020 Olympics. Generally speaking, the main trend we can see is that people are quite lazy when choosing a password to secure their online accounts.

Oh, almost forgot to mention that last Thursday, our Top 200 Most Common Passwords: 2021 report was featured on?Jimmy Kimmel Live!. The top passwords were presented to Americans on the streets to see how many people used the most common passwords to protect their accounts and to see how willing they were to share them with audiences all around the globe. You can watch the Jimmy Kimmel segment featuring the most common passwords right here (4:26-6:45) ????

Explore the full ?? Top 200 Most Common Passwords list here

Passwords continue to get weaker

As you can see, the top 20 passwords on the list are more or less useless. Most of us wouldn’t even need any advanced hacking know-how to crack them ourselves. Sadly, weak passwords continue to be a trend, and over the years, internet users seem to be getting worse at this.?84.5% of the passwords on this year’s list could be cracked in less than a second, compared to 73% last year. The steep rise is quite concerning. We’ve said it before, and we’ll say it again: passwords are the gateway to your digital lives, and they must be taken seriously.

Found your password on the list?

Check our blog post and find out what you need to do: https://nordpass.com/blog/are-we-still-lazy-with-passwords/