10+ Most Common Passwords That You Must Never Use

Although many of us know the dangers of weak passwords, it doesn’t stop us from choosing them. We rely on passwords to protect some of our most sensitive information, from dates of birth and addresses to security codes, and credit card data.

Yet, still, we often opt for the same easy-to-guess passwords that cybercriminals can hack in a matter of seconds. Criminals use a variety of methods to hack our accounts, with one of the most popular being credential stuffing. Attackers find lists of compromised credentials – usually available from data leaks or purchased from the dark web – and combine stolen usernames and passwords together across hundreds of websites until they get access to your account. But usually, it’s not just one account.

The majority of us use the exact same password across several accounts to avoid the frustration of being locked out of accounts and having to remember long, complicated passwords. But the risks associated with weak passwords cannot be ignored.

Password hacks are responsible for 81% of all data security breaches, making them the leading cause of compromised personal data. Reusing weak passwords gives hackers access to all of our apps and site logins in no time at all, leaving you vulnerable to fraud, identity theft, and other harmful cyber attacks.

We’re certainly not short of options to secure our passwords, either. There are plenty of password generators, managers, and other tools available to create unhackable passwords. Password managers, such as the CyberGhost Password Manager, even remember them for you, so you don’t have to.

Many websites also make stronger passwords a requirement, specifying the number of characters you should use, or that they should include a mixture of numbers, letters, and symbols. Some won’t even let you create an account if they think you’re using a fragile password.

So, what’s our excuse for making weak passwords to protect all of our personal or confidential information? Nothing, really.

How passwords get hacked

There are various ways hackers can steal your password which include brute force attacks, phishing methods, password spraying, keylogging, credential stuffing, and more. Out of these methods, password spraying is the one in which the attacker tests the most common passwords to get access to your account.

Brute force is another popular method that hackers use to crack someone’s password. In this method, the attacker tries all possible combinations of characters to find the right password. Bots do all of this automatically. Brute-force attacks have limited scope now, as most services restrict the number of wrong password attempts.

Sometimes you can also be a victim of a phishing attack where you unknowingly give your login credentials to a fake website that looks almost like the original. To protect yourself from phishing, always make sure to verify the website or app where you are providing your password.

Last but not least, keylogging is also a popular way for hackers to steal passwords from the victim’s device. Keylogging simply means recording the keystrokes you type on the keyboard. The hacker installs a keylogger tool on your device, and it then records the characters you type when entering your password.
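The difference between brute force and password spraying shows up clearly in failed-login records. The following is an added example, not part of the original article: it runs over constructed sample events, and the thresholds and function names are assumptions. It shows that a per-account attempt limit stops brute force but does not react to spraying, which needs a separate per-source check.

```python
from collections import defaultdict

# Constructed sample of failed logins as (source_ip, username) pairs.
# IPs come from documentation ranges; usernames are made up.
FAILED_LOGINS = (
    [("203.0.113.7", "grace")] * 12               # one account, many guesses
    + [("198.51.100.9", user) for user in
       ("alice", "bob", "carol", "dave", "erin", "frank")] * 2  # many accounts, two guesses each
    + [("192.0.2.44", "bob")] * 2                  # an ordinary typo
)

LOCKOUT_THRESHOLD = 5    # assumed per-account limit on wrong attempts
SPRAY_MIN_ACCOUNTS = 5   # assumed: this many distinct accounts from one source is suspicious


def locked_accounts(events, threshold=LOCKOUT_THRESHOLD):
    """Accounts that a per-account attempt limit would lock (brute-force pattern)."""
    per_account = defaultdict(int)
    for _source, user in events:
        per_account[user] += 1
    return sorted(user for user, count in per_account.items() if count >= threshold)


def spray_sources(events, min_accounts=SPRAY_MIN_ACCOUNTS, threshold=LOCKOUT_THRESHOLD):
    """Sources that fail on many accounts while staying under the limit on each one."""
    per_source = defaultdict(lambda: defaultdict(int))
    for source, user in events:
        per_source[source][user] += 1
    return sorted(
        source for source, users in per_source.items()
        if len(users) >= min_accounts and max(users.values()) < threshold
    )


if __name__ == "__main__":
    print("locked by attempt limit:", locked_accounts(FAILED_LOGINS))
    print("spraying sources:", spray_sources(FAILED_LOGINS))
```
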

What Kind of Passwords Shouldn’t You Create?

Photo: securitymagazine

1. Use a Simple Password

One thing that password breaches in the past have shown us is that the most widely used passwords are the dumbest. Here are the ten most common passwords:

  1. 123456
  2. 12345
  3. 123456789
  4. password
  5. iloveyou
  6. qwerty
  7. rockyou
  8. 1234567
  9. 12345678
  10. abc123

It turns out that you have a good chance of getting into many peoples’ accounts – and computers – by just typing “123456.” Or even “password.” Or just the six letters on the top row of a keyboard, “qwerty.” Use something uncommon and you’ve reached first base.

2. Use a Password That’s Easy to Guess

Let’s say you have a son named “Chauncey.” When you’re asked for a password that has to be at least 8 characters long, you figure it’s a good idea to use his name. But anyone who can view your Facebook page will see a picture with him, with a comment such as, “Here’s Chauncey on the beach.” That is a pretty obvious clue; many people use the names of their children or their pets as passwords. And these are easy enough to find as we publish more and more of our private lives in public forums.

Skip over this idea, and you get to second base.

3. Use the Date of Your Wedding (or Birthday, or Child’s Birthday…)

So you got married on 6/23/2004. Since many sites require that you use at least eight characters for a password, you can change this to 06232004; that’s certainly a password you’ll never forget. That would be a good password, right? Not really. First, it’s pretty easy to find; there are all sorts of databases containing that kind of information. Second, plenty of friends and co-workers know the date of your anniversary. Pictures on your Facebook page, details on your personal blog, or tweets like, “Happy anniversary to my sweetheart” are all giveaways. The same goes for your birthday, your child’s birthday, your spouse’s birthday, and so on.

If you don’t use well-known or easy-to-guess dates as your password, congratulations, you’ve just advanced to third base.

4. Use the Same Password on Many WebSites

It’s a lot easier to remember one password than dozens of different ones, right? So you come up with one really good password and you use it everywhere: Facebook, Twitter, Amazon, eBay, PayPal… Or what if you’ve used it on Linkedin, eHarmony or last.fm, all sites that were recently breached? This is the main reason why cyber-criminals want to harvest passwords. If they get a user name and password and then find that it works on other websites, they can usurp your identity, and perhaps even liquidate your assets. They can even buy things using your credit card – which is stored on, say, Amazon – and have them shipped to their addresses.

If you avoid these four password failures, you’re well on your way to hitting a secure password home run.

In the next installment, I’ll cover how you can easily create secure passwords to protect your accounts and better safeguard your personal information. In the meantime, have you committed any password fails? Feel free to tell us your personal password mistakes in the comments.

10+ Most Common Passwords That You Must Never Use

It seems people still like using "123456" and "password", with both occupying the top spots on most-used password lists every single year. NordPass says that people love using their names, favourite bands, and other easy-to-guess passwords as well.

The full list of worst passwords:

  1. 123456
  2. 123456789
  3. 12345
  4. qwerty
  5. password
  6. 12345678
  7. 111111
  8. 123123
  9. 1234567890
  10. 1234567
  11. qwerty123
  12. 000000
  13. 1q2w3e
  14. aa12345678
  15. abc123
  16. password1
  17. 1234
  18. qwertyuiop
  19. 123321
  20. password123
  21. 888888
  22. princess
  23. dragon
  24. password1
  25. 123qwe

Many companies have stepped up their efforts to ensure we use strong passwords. Apple now automatically suggests "strong passwords" when any form prompts you to create one, as does Google with Chrome. Meanwhile, Microsoft offers several tips on how to choose safe passwords too.

It says that a good password should be eight or more characters long, not be your user name, real name, or company name, and, in fact, not contain a complete word at all. It should also be different to passwords used elsewhere and contain at least one each of the following: an upper-case letter, a lower-case letter, a number and a symbol (such as £ or $).

Top 10 most common screen lock passwords

We all use 4-digit PINs to lock our smartphones. As we have to unlock our phones several times a day, we prefer to choose a PIN that is easy and quick to type. Below we have listed some of the most common screen lock passwords that people use on their smartphones –

  • 1234
  • 0000
  • 1111
  • 4444
  • 1212
  • 1010
  • 2580
  • 8888
  • 4444
  • 2222

Top 10 most common Wi-Fi passwords

Most people don’t care about their Wi-Fi and mobile hotspot password and they choose the simplest one which is very easy to remember. If you ever find a Wi-Fi connection and you need to use the Internet, you can try out these most common passwords –

  • qwerty
  • password
  • 123456789
  • 123456
  • abc123
  • abcdefgh
  • admin
  • student
  • password123
  • 123123
  • welcome

How to Build a Better Password

Photo: cybertalents

To create a stronger password, and to stay off next year's list, follow these fool-proof tips from Norton Security:

Don't use personal information like pet names or numbers, especially those from your address, social security, phone number, or birthday. This information is often exposed online as it's needed to fill out most basic forms. Therefore, you should assume that hackers may have this information about you in their hands.

Avoid using real words at all. Tools that are used to crack passwords are pretty efficient at processing words from the dictionary, plus alphanumerical combinations of letters and numbers. So rather than using a name or common term, use special characters like "&" and "$." While it's a great start to switch out letters for special characters that closely correspond, like swapping an "S" for a "$," it's the most obvious variant of those dictionary phrases. The more creative you get, the less chance there is that a password-cracking tool will help bad actors guess your combination.

The longer, the better. Aim for at least 10 characters.

Make common phrases more complicated. Think of something that's easy for you to remember, like a phrase from a song, and make it more difficult to guess. So turn "100 Bottles of Beer on the Wall" into "100BoBotW."

Don't write your passwords down. Seriously, don't. Use a password manager to keep encrypted copies of all of your usernames and passwords on your browser. Google Chrome does this on its own if you opt-in, but there are paid third-party options, too.

Regularly change your password. Many enterprise-level employers actually require that you change the passwords on your accounts to keep the whole organization secure. You should be doing this on your own time, too, especially for your financial accounts. That's because passwords are made public after a data breach, and the username/password combinations are sold on the darknet. The longer your password sits there and festers, the better the chance it'll be exposed in a breach.

Don't reuse passwords. If a hacker cracks your login information for one website, all of your accounts will be compromised. If you're struggling to think something up, use a random password generator, which takes advantage of whatever parameters you tell it to use.

Beware of using public devices or networks. Never enter your password on someone else's computer if you can help it. And when using public Wifi, avoid sites that require you to log in, especially if it's for a bank or another financial service. If you absolutely must use a public device or network, be sure to use a virtual private network, or VPN, to secure your connection.

Use two-factor authentication: This is a method for verifying your identity by using more than one type of verification. Some kinds of two-factor authentication, or 2FA, include:

  • Something you know: a PIN number, password, or pattern.
  • Something you have: an ATM or credit card, mobile phone, or security token (like a YubiKey).
  • Something you are: a biometric form of authentication, such as your fingerprint, your voice, or your face.

Test your password: You can test the strength of your password by visiting this site and typing it in. Don't worry, the site isn't creating a repository of passwords, because your information is never sent over an internet connection (you don't even need to press 'enter' or click a button to see your result). The coolest part? As you type, the software tells you approximately how long it would take a computer to figure out your password. The site turns red if your password is weak, but slowly turns green as you make it stronger. It'll even give you tips on how to improve your password security.
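The Microsoft rules quoted earlier and the Norton tips above can also be checked locally, without sending the password anywhere. The following is an added example, not code from Microsoft, Norton or the site mentioned: the function names and the look-alike character mapping are assumptions, the denylist holds only passwords listed on this page, and the "no complete word" rule is left out because it needs a dictionary.

```python
import re

# Passwords taken from the lists on this page (not a complete denylist).
COMMON = {
    "123456", "123456789", "12345", "qwerty", "password", "12345678",
    "111111", "123123", "1234567890", "1234567", "qwerty123", "000000",
    "1q2w3e", "aa12345678", "abc123", "password1", "1234", "qwertyuiop",
    "123321", "password123", "888888", "princess", "dragon", "123qwe",
    "iloveyou", "rockyou", "admin", "student", "welcome", "abcdefgh",
}

# Look-alike swaps such as "$" for "S"; this mapping is an assumption of the example.
LEET = str.maketrans({"$": "s", "@": "a", "0": "o", "1": "l", "3": "e", "!": "i"})

CLASSES = {
    "upper-case letter": r"[A-Z]",
    "lower-case letter": r"[a-z]",
    "number": r"[0-9]",
    "symbol": r"[^A-Za-z0-9]",
}


def normalize(text):
    """Lower-case the text and undo look-alike character swaps."""
    return text.lower().translate(LEET)


NORMALIZED_COMMON = {normalize(entry) for entry in COMMON}


def check_password(password, personal=()):
    """Return the list of rule violations; an empty list means every check passed.

    `personal` holds strings the password must not contain, such as the
    user name, real name, company name, pet names or memorable dates.
    """
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    for name, pattern in CLASSES.items():
        if not re.search(pattern, password):
            problems.append(f"no {name}")
    plain = normalize(password)
    # Comparing normalized forms catches "P@$$word123" as well as "password123".
    if password.lower() in COMMON or plain in NORMALIZED_COMMON:
        problems.append("on the common-password list")
    for item in personal:
        if item and normalize(item) in plain:
            problems.append(f"contains personal detail {item!r}")
    return problems


if __name__ == "__main__":
    for candidate in ("123456", "P@$$word123", "Chauncey2004!"):
        print(candidate, "->", check_password(candidate, personal=("Chauncey",)))
```

Passing every check only means none of these specific weaknesses was found; it does not measure how long the password would take to guess.
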

Apps to protect your passwords

Photo: Sticky Password

Now we've cleared that up, let us run you through a couple of the best we've found to help keep account hackers at bay.

1. 1Password

This is a password manager. It remembers all your passwords for you, lets you generate passwords, and easily signs you into sites and apps.

2. LastPass

LastPass is available across the vast majority of internet browsers and mobile devices and can be used on both Windows and Mac. It's installed as an extension in your browser and appears as a button in the browser toolbar so you can quickly and easily manage your LastPass account.

While it will remember all your passwords for all your accounts, it does require you to remember just one master password to log in with, which shouldn't be too hard at all. You'll want to make this password as strong as you can, to prevent anyone from hacking in and stealing all your other passwords.

You save passwords to your 'vault', and you can either add them manually or get LastPass to save them automatically the next time you login to a particular site or service.

If you want to change one of your current passwords to something different, you can, and LastPass can generate a random sequence of letters and numbers to make your account extra secure. And of course, you won't need to worry about remembering the tricky sequence as LastPass will do that for you.

You can download the mobile app to your device as well, and all your saved passwords will sync across, just as long as you remember that all-important master password. While it will remember passwords for any websites you visit on your mobile device, you'll need to pay a small monthly fee for it to remember passwords for your applications.

You don't just have to save account passwords in LastPass though, as it can also be a place to store notes, Wi-Fi passwords or details of your driving license and you can save your debit and credit card details so you can autofill them in when you go to buy something online.

The free version of LastPass is limited to one active device (i.e. a laptop or a phone) not both, but you can pay a small yearly fee for premium access.

3. KeePass

KeePass is a free-to-download, open-source password manager for Windows. You can install it on Linux and Mac computers, but you'll need to run it through Mono, which lets you install Microsoft applications on different platforms.

There are unofficial ports available for iOS and Android devices. This means you can create the database on your computer and copy it to your phone to use on the go.

KeePass works much in the same way as LastPass by storing usernames and passwords for different accounts in a database as encrypted files. You can also store notes and other file attachments.

The database of passwords is secured by a master password, key files and/or the current Windows account details, and everything is stored locally on your computer as opposed to in the cloud.

KeePass has a password generator to come up with super-secure passwords to use for your different accounts and it supports a vast number of plug-ins, all of which can be seen on KeePass's website.

Because of the slightly more difficult way to install KeePass on Mac and Linux-based systems, we'd say it's only really a worthy contender for Windows users.

4. Dashlane

Dashlane works in a very similar way to LastPass. It works across various browsers and mobile devices, and can generate passwords with up to 28 characters to make them virtually impossible to bypass. Dashlane will monitor the passwords you have saved for all your accounts, and will instantly let you know if any of your accounts are compromised.

When you first install Dashlane, it will scan the history of any internet browsers you have installed and check for any saved passwords. Whatever it finds it can then import. It's a really handy way to get all your passwords saved instantly, instead of having to remember where you have accounts or manually saving them each time you log in to a new website.

When you log in to Dashlane, you'll need to enter your email address and then a security code that is sent to that email. Once you've put that in, you'll then be asked for your master password.

If any of your saved passwords are old and in need of a refresh, Dashlane can do so at the click of a button. Simply select the passwords you wish to change, press 'change' and they'll be updated and saved with new ones. It can also tell you how safe your current passwords are. In the case of this writer, the passwords could definitely do with an update.

Unlike LastPass however, Dashlane can't store passwords for applications on your mobile devices.

There is a Premium tier of Dashlane which gives you unlimited password syncing across all your devices, gives you a secure and encrypted backup of your account in the cloud, and allows you to log in to your Dashlane account from any web browser.

5. Sticky Password

Sticky Password is another browser tool that stores your password behind a master password key but can also rely on fingerprint authentication to log you into your account. It's supported across several platforms including iOS, Windows, Mac and Android, and has extensive browser support.

The free tier doesn't let you sync data across your devices; that benefit is reserved for the Premium tier. With it, you can sync your password data to your devices via local Wi-Fi or via the cloud. You can also save an encrypted backup of your passwords to the cloud if you wish.

If you pay for the Premium tier, a portion of the money goes to help support endangered manatees, so you'll be doing some good, along with keeping your accounts safe.

We prefer the interface of LastPass and Dashlane, but Sticky Password is still easy and simple to use and is a great option for storing all your passwords in one place.

Why is password security important?

All name and boy band-related goofs aside, the reality is that password security is easily the most effective way to protect your data online. Whether you're employing extremely complicated passwords or using a password manager, these small steps can save you a load of trouble down the road, even if you engage in other behavior that makes your personal information vulnerable.

In fact, according to the Cybersecurity and Infrastructure Agency, the value of a good password is undeniable when it comes to protecting yourself online.

“Passwords are the most common means of authentication, but only work if they are complex and confidential. Many systems and services have been successfully breached because of non-secure and inadequate passwords. Once a system is compromised, it is open to exploitation by other unwanted sources.”

Unfortunately, the state of password security is dire, as is evident from this study. To make matters worse, a Google study found that 59% of users put their name or birthday in their passwords, 43% have shared their passwords with another person, and only 45% would change their password if they learned of a security breach.

Simply put, passwords are important and people just aren't getting on board.
