Password manager proprietor NordPass has released its third annual list of most common passwords. The firm worked with security experts to cull the top compromised passwords for 2022 from 3TB of stolen password data found on the dark web. What they found is like déjà vu, all over again.
2022’s most commonly found password “password” has been in the top 5 since 2019. “Password” was found nearly 5 million times in the NordPass list from the dark web. Eight variants of “password” are included in the list.
| Rank | Password | Count |
|---|---|---|
| 1 | password | 4,929,113 |
| 34 | pass@123 | 39,046 |
| 56 | password1 | 25,113 |
| 139 | Password | 12,029 |
| 173 | password123 | 9,889 |
| 188 | Pass@123 | 9,359 |
| 189 | passw0rd | 9,349 |
| 192 | Password1 | 9,220 |
The second most popular password “123456” had held the number 1 spot in 2020 and 2021.
C-level passwords
NordPass also looked at leaked C-level passwords. The big bosses are not better than their staff. C-level staff use the same top ten bad passwords.
- 123456
- password
- 12345
- 123456789
- qwerty
- 1234
- qwerty123
- 1q2w3e
- 111111
- 12345678
Other password facts
For the first time, the NordPass results were broken out by gender. Both men and women favored the same top bad passwords.
Movies on the list:
#125 “superman” was used 12,100 times.
#171 “matrix” was used 10,122 times.
#185 “batman” was used 9,407 times.
#196 “starwars” was used 9,091 times.
Hockey teams are popular for bad passwords. “Detroit Red Wings” and “Columbus Blue Jackets” were among the most popular sports-themed bad passwords.
On the music front, “U2”, “Prince” and “Metallica” were popular hacked passwords.
Small cars are popular for lazy passwords. “mini”, “kia”, and “vw” were frequently used.
2022’s worst passwords
| Rank | Password | Change from 2021 |
|---|---|---|
| 1 | password | +4 |
| 2 | 123456 | +1 |
| 3 | 123456789 | -1 |
| 4 | guest | New |
| 5 | qwerty | -1 |
| 6 | 12345678 | 0 |
| 7 | 111111 | 0 |
| 8 | 12345 | -5 |
| 9 | col123456 | New |
| 10 | 123123 | -2 |
| 11 | 1234567 | -1 |
| 12 | 1234 | +5 |
| 13 | 1234567890 | -4 |
| 14 | 000000 | -2 |
| 15 | 555555 | New |
| 16 | 666666 | +8 |
| 17 | 123321 | +2 |
| 18 | 654321 | +5 |
| 19 | 7777777 | New |
| 20 | 123 | New |
| 21 | d1lakiss | New |
| 22 | 77777 | New |
| 23 | 110110jp | New |
| 24 | 1111 | New |
| 25 | 987654321 | 0 |
rb-
It is worth pointing out again, and again.
- Make sure none of your passwords are on this (or any other) list. If they are, log on and change them immediately.
- Use two-factor authentication whenever possible. Even if a hacker has your password, they won’t have that random code and therefore won’t be able to get into your account. Not sure if your favorite website supports two-factor authentication? Search the Two Factor Auth List to find out.
- Consider a password manager. Your brain is no longer an adequate password manager.
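
One way to apply the first point at signup or password-change time, as an added example that is not from NordPass or the original post: screen a candidate password against the entries shown on this page, also catching case, leetspeak and trailing-digit variants like the eight forms of “password” above. The function names and the substitution table are assumptions made for illustration.

```python
import string
import unicodedata

# Entries copied from this page's tables and lists, lowercased.
# This is not NordPass's full list, only what the post shows.
DENYLIST = frozenset("""
password 123456 123456789 guest qwerty 12345678 111111 12345 col123456
123123 1234567 1234 1234567890 000000 555555 666666 123321 654321 7777777
123 d1lakiss 77777 110110jp 1111 987654321
pass@123 password1 password123 passw0rd
qwerty123 1q2w3e superman matrix batman starwars
""".split())

# Assumed (illustrative) leetspeak substitutions; extend as needed.
LEET = str.maketrans("013457@$", "oleastas")


def candidates(password):
    """Return the normalized forms of a password to test, most literal first."""
    s = unicodedata.normalize("NFKC", password).casefold()
    no_punct = s.rstrip(string.punctuation)                      # "1234!" -> "1234"
    base = no_punct.rstrip(string.digits + string.punctuation)   # "starwars77" -> "starwars"
    forms = []
    for form in (s, no_punct, base):
        # Undo leetspeak only after trimming, so a trailing "1" is not turned into "l".
        for variant in (form, form.translate(LEET)):
            if variant and variant not in forms:
                forms.append(variant)
    return forms


def screen(password):
    """Return the denylist entry the password reduces to, or None if none matches."""
    for form in candidates(password):
        if form in DENYLIST:
            return form
    return None


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any breach data.
    for pw in ["Password1", "P@ssw0rd2022!", "1234!", "StarWars77",
               "correct horse battery staple"]:
        hit = screen(pw)
        print(f"{pw!r}: {'reject, matches ' + repr(hit) if hit else 'not on list'}")
```

A `None` result only means the password does not reduce to one of the entries on this page; it says nothing about entries on other breach lists.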
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.
