By: Alex McOmiePassword manager reviewer
Editor: Owen DubielIT security and VPN expert
While different studies tend to be at least slightly different from each other, recent research generally agrees on a similar list of the most common passwords. The top two most common passwords are identical across numerous sources, including NordPass, Cybernews, and CNBC. There are some minor discrepancies further down the list, but you should take care to avoid any of the passwords mentioned below:
Naturally, your first takeaway should be that basic sequences of numbers aren’t going to do much to keep your accounts safe.
If a hacker wants to get into an account, the first password they’re going to try is a sequence of numbers that matches the minimum password length required by that particular site. For example, on a website that requires passwords of at least eight characters, the most common password is probably 12345678.
Number sequences are about as easy as it gets with respect to password cracking, but there are many other password weaknesses to be aware of. Here are some of the other common password mistakes to avoid that all internet users should know about in 2022.
Location-specific elements obviously vary from one place to another, so none of them make a list of the most common passwords overall. At the same time, they would be much more common if you narrow the scope to a particular place or region.
For example, Cybernews found that both “abu” and “rome” were represented in more than 1 million passwords. Similarly, well-known sports teams like “liverpool,” “arsenal,” and “chelsea” appeared in more than 600,000 each.
On one hand, that means that they were included in a very small percentage of the overall sample of roughly 15 billion. However, it’s fair to assume that people who live close to Liverpool or Rome use those terms much more often than people in the rest of the world. With that in mind, adding terms that relate to your location could make your password much easier to guess for anyone who knows the area you live in.
Websites and apps often require capital letters, numbers, and special characters along with password length to help protect user accounts. One problem with these requirements is that users tend to deal with them in predictable ways. Since many people reuse passwords on multiple sites, it’s extremely common for them to simply add the required characters to the end of the base password.
Scrolling down the longer list of common passwords from NordPass, we noticed that “qwerty123” was 11th, “aa12345678” was 14th, “abc123” was 15th, “password1” was 16th, and “password123” was 20th. That trend continues down the list with entries like “qwerty1” (48th), “qwer1234” (68th), “target123” (89th), or “asdasd123” (93rd). Neither capital letters nor special characters are accounted for on this list, but most people intuitively capitalize the first letter and add special characters to the end.
With so many people adding these kinds of elements to the beginning and end of their passwords, this strategy may not be as secure as you think. Sequences like “123” are already predictable, and the issue is even worse when they’re simply tacked onto the end of a password. Instead, you should be integrating all kinds of characters throughout your password so that the sequence is more difficult to guess.
Birthdays and names are some of the other elements most commonly seen in passwords in 2022. People tend to use the names of their pets and children, but they also use others such as the names of parents or partners.
Like location-specific details, individual birthdays and names don’t show up on “most common” lists since they’re different for different people. Taken together, however, birthdays and names are two of the most frequently used elements in contemporary passwords.
Cybernews found that every birth year from 1975 to 2010 appeared in at least 3 million passwords out of their sample of 15 billion. 2010, the most common individual year, showed up in nearly 10 million.
Looking at the numbers, 10 million out of 15 billion is less than 1/10th of a percent. As such, people born in 2010 only make up a small portion of the overall group of internet users. If you assume that that group works out to 2% of all internet users, the conclusion would be that about one out of 30 use their birth year in their passwords.
It’s impossible to determine exactly what percentage of people use their birthdays, but it’s high enough to make them an insecure password choice. Since birthdays and the names of pets, children, parents, and partners are all relatively public pieces of information, it’s a good idea to avoid all of these when creating new passwords.
Avoiding the most popular passwords goes a long way toward making your accounts more secure, but you also need to watch out for some other common mistakes.
If your password is the same for every account, a hacker would only need to crack one of those passwords to log into all of them. You should use a different password for every single account to optimize your cybersecurity fully.
The longer you use the same password, the more likely it’s that someone can compromise it. It’s a good idea to change your passwords at least once every 90 days to stay one step ahead of bad actors who want to access your accounts.
While passwords can be difficult to remember, passphrases typically are much easier to remember. At the same time, they offer much more security against brute force attacks due to their greater length.
Passphrases are passwords made up of a sequence of words ― usually about four. Users often separate each word of a passphrase with an en dash (-) or other marking. An effective passphrase could be something like whistle-number-stacks-candles.
Conventional passwords are still secure if you follow basic best practices, but many people find passphrases to be more intuitive. Our guide to creating strong passwords helps you come up with better passwords and make your accounts as secure as possible.
If you saw any of your own passwords on this list, you should switch them to strong, unique passwords as soon as possible. Of course, you may also want to optimize other passwords, even if they’re not among the most popular passwords in 2022.
Password managers are the easiest way to store, sync, and autofill your passwords for different accounts. Most of the top password managers also come with password generation tools that can instantly create strong, unique passwords. Check out our list of the best password managers for more information.