When you sign up for a new online account, you usually see a list of password requirements. For example, a website might ask you to create a password containing eight or more characters, including capital letters, numbers, and special characters.

These rules are better than nothing, but a password can be easy to crack even if it meets basic requirements. The average internet user has roughly 100 different accounts, so people tend to stick with simple passwords that are easy to remember. Since hackers know popular password habits, the common ones are particularly vulnerable.

We’ll look at some of the most common passwords and patterns in 2024. Changing your passwords to something unique makes them much more difficult for hackers to guess.

What Are the Most Common Passwords in 2024?

While studies tend to vary, recent research generally agrees on a similar list of the most common passwords. The top two most common passwords are identical across numerous sources, including NordPass and CNBC. There are minor discrepancies further down the list, but avoid any of the passwords mentioned below:

  1. 123456
  2. 123456789
  3. qwerty
  4. password
  5. 12345
  6. 12345678
  7. 111111
  8. 1234567
  9. 123123
  10. 1234567890

Basic sequences of numbers won’t do much to keep your accounts safe. If a hacker wants to get into an account, they first try a sequence of numbers that matches the minimum password length required by that particular site. For example, on a website that requires passwords of at least eight characters, the most common one is probably 12345678.

What Other Types of Passwords Are Common?

Number sequences are about as easy as it gets when it comes to password cracking, but there are many other password weaknesses to be aware of. Avoid these common mistakes in 2024.

Cities, sports teams, and location-specific elements

Location-specific elements vary from one place to another, so none make a list of the most common passwords overall. At the same time, these would be much more common if you narrow the scope to a particular place or region.

For example, “abu” and “rome” were represented in more than 1 million passwords. Similarly, well-known sports teams like “liverpool,” “arsenal,” and “chelsea” appeared in more than 600,000 each.

On one hand, these were included in a small percentage of the overall sample of roughly 15 billion. However, people who live close to Liverpool or Rome likely use those terms much more often than people in the rest of the world. Adding terms related to your location could make your password much easier to guess for anyone who knows your area.

Capitals at the beginning; numbers and special characters at the end

Websites and apps often require capital letters, numbers, and special characters along with password length to help protect user accounts. But users tend to deal with these in predictable ways. Since many people reuse passwords on multiple sites, it’s extremely common to simply add the required characters to the end of the base password.

With so many people adding these elements to the beginning and end of their passwords, this strategy may not be as secure as you think. Sequences like “123” are already predictable, and the issue is even worse when they’re simply tacked onto the end of a password. Instead, integrate all kinds of characters throughout your password to make guessing the sequence more challenging.

Birthdays and names

Birthdays and names are some of the other elements most commonly seen in passwords. People tend to use the names of their pets and children, but they also use others, such as the names of parents or partners.

Like location-specific details, individual birthdays and names don’t appear on “most common” lists since they vary for different people. But birthdays and names are frequently used elements in modern passwords.

Every birth year from 1975 to 2010 appeared in at least 3 million passwords out of a sample of 15 billion. 2010, the most common individual year, showed up in nearly 10 million. About one out of 30 people use their birth year in their passwords, an insecure password choice. Since birthdays and the names of pets, children, parents, and partners are all relatively public information, it’s a good idea to avoid them when creating new passwords.
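
As an added illustration (not part of the original article), the Python sketch below screens a candidate password for the patterns described above: the top-10 list, digit sequences, a base word with digits or special characters tacked onto the end, birth years from 1975 to 2010, and the place and team terms cited. The function names and sample passwords are constructed for this example.

```python
import re

# The ten most common passwords exactly as listed in the article.
TOP_10 = {"123456", "123456789", "qwerty", "password", "12345",
          "12345678", "111111", "1234567", "123123", "1234567890"}
# Place and team terms the article cites; a real deployment would add
# terms for its own region (assumption).
LOCAL_TERMS = ("abu", "rome", "liverpool", "arsenal", "chelsea")
# Birth years 1975-2010, the range the article reports as heavily used.
BIRTH_YEAR = re.compile(r"197[5-9]|19[89]\d|200\d|2010")
# Optional leading capital, lowercase base word, then only digits/specials.
PREDICTABLE_SHAPE = re.compile(r"[A-Z]?[a-z]+[^A-Za-z]+")


def is_digit_sequence(pw: str) -> bool:
    """True for runs such as 12345678 or 111111, whatever their length."""
    if not pw.isdigit():
        return False
    return pw in "01234567890" or len(set(pw)) == 1


def screen_password(pw: str) -> list[str]:
    """Return the article's weak patterns found in pw (empty list = none)."""
    findings = []
    lowered = pw.lower()
    if lowered in TOP_10:
        findings.append("top-10 password")
    if is_digit_sequence(pw):
        findings.append("digit sequence")
    if PREDICTABLE_SHAPE.fullmatch(pw):
        findings.append("base word plus trailing digits/specials")
    if BIRTH_YEAR.search(pw):
        findings.append("birth year 1975-2010")
    hits = [t for t in LOCAL_TERMS if t in lowered]
    if hits:
        findings.append("place/team term: " + ", ".join(hits))
    return findings


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any breach data.
    for sample in ("12345678", "Bella2010!", "liverpool1",
                   "whistle-number-stacks-candles"):
        print(f"{sample!r}: {screen_password(sample) or 'no listed pattern'}")
```

An empty result only means none of these specific patterns matched; it is not a measure of overall password strength.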


How Can You Create a Stronger Password?

Avoiding the most popular passwords goes a long way toward making your accounts more secure, but you must also watch out for other common mistakes.

  • Create unique passwords: If your password is the same for every account, a hacker would only need to crack one of those passwords to log into all of them. Use a different password for every account to limit the damage from any single compromise.
  • Change your passwords regularly: The longer you use the same password, the more likely someone can compromise it. Change your passwords at least once every 90 days to stay one step ahead of bad actors who want to access your accounts.
  • Use passphrases: While passwords can be difficult to remember, passphrases are typically much easier. At the same time, they offer much more security against brute force attacks due to their greater length. Passphrases are passwords made up of a sequence of words, usually about four. People often separate each word of a passphrase with a hyphen (-) or other marking. An effective passphrase could be something like whistle-number-stacks-candles.

Conventional passwords are still secure if you follow basic best practices, but many people find passphrases more intuitive. Our guide to creating strong passwords helps you make your accounts as secure as possible.

What Should You Do Next?

If you saw any of your passwords on this list, switch them to strong, unique passwords as soon as possible. You may also want to optimize other passwords, even if they’re not among the most popular passwords.

Password managers are the easiest way to store, sync, and autofill your passwords for different accounts. Top password managers also come with password-generation tools that instantly create strong, unique passwords. Check out our list of the best password managers for more information.


Frequently Asked Questions About Common Passwords

  • What are the most common passwords?

    Some of the most frequently used passwords include 123456, 123456789, 12345678, password, and password1.

  • What is the average number of passwords per person?

    The average person has 100 passwords.

  • What is the No. 1 used password?

    123456 is the most common password.

About The Password Manager, Gunnar Kallstrom:

Kallstrom, The Password Manager, is a Cyber Team Lead for a Department of Defense (DOD) contracting company in Huntsville, Alabama, and has worked as a Computer Network Defense (CND) Cyber Analyst. An author and content creator for a cybersecurity academy, Kallstrom spent nearly 15 years in the Army as a musician before entering the cybersecurity field.

He holds a bachelor’s degree in music from Thomas Edison State University and a master’s in organizational development and leadership from the University of the Incarnate Word.

Kallstrom has completed several Computing Technology Industry Association (CompTIA) courses, including Security+, Network+, A+ Core 1, and A+ Core 2. He earned a CompTIA Security+ Certification. Additionally, he has completed the Cyber Warrior Academy program with more than 800 hours of hands-on, intensive, and lab-driven technical training in cybersecurity methods and procedures.

Passionate about all things cyber, Kallstrom was a speaker on a panel at the 2022 InfoSec World conference, giving a talk entitled “Hacking into a Cyber Career – True Stories.” Kallstrom is also a mentor to entry-level cybersecurity candidates seeking to break into the field. When he’s not working, he still enjoys playing guitar and fishing (not phishing).