Is Your Password on This “100 Common” List? Find Out Now!
Last Updated:
If you’re using any of these passwords, it’s time to change ’em up ASAP!
In my last article about password safety, I exposed 20 most common blunders but today, we’re taking a step further by unveiling the most common passwords.
Look, we’ve all been there. You need to create a password for yet another online account and your mind just blanks.
It’s tempting to go with something easy to remember like “123456” or “password“.
But resist that urge! Those kinds of passwords are an open invitation to hackers.
To drive home the point, here are the 100 worst passwords you could possibly choose.
I’m talking the most common, easily guessed, downright terrible passwords that you should avoid like the plague.
Ready? Let’s dive in!
The Hall of Shame: Top 10 Most Common Passwords
- 123456
- 123456789
- qwerty
- password
- 111111
- 12345678
- abc123
- 1234567
- password1
- 12345
Yikes! If any of your passwords are on this list, change them immediately! These are the first ones hackers will guess.
But the problems don’t stop there. Other common (read: terrible) passwords include:
- Birthdays and years (e.g. Johan1990)
- Default passwords (e.g. admin, guest)
- Common names (e.g. michael, jennifer)
- Simple keyboard patterns (e.g. qazwsx, 1q2w3e)
- Favorite sports, teams and athletes
- Pop culture references and fictional characters
Hackers have tools that can rapidly guess thousands of these common passwords. If yours is on the list, your account could be compromised in seconds. Scary stuff!
So, without further ado, here are the 100 most frequently used passwords, along with why they’re so awful:
100 Most Common Passwords
Password | Why It’s Terrible |
123456 | Sequential numbers are easy to guess |
123456789 | Adding more sequential numbers doesn’t help |
qwerty | Keyboard pattern is a common hacker target |
password | The most obvious password choice |
111111 | Repeating numbers are a no-go |
12345678 | More sequential numbers, still terrible |
abc123 | Mixing alphabet and numbers is not enough |
1234567 | Yet another sequential number password |
password1 | Adding a “1” doesn’t make it secure |
12345 | Even shorter sequential numbers are worse |
1234567890 | The longer the sequence, the easier to guess |
123123 | Repeating a short sequence is not clever |
000000 | All zeros? Really? |
iloveyou | Too common and easy to guess |
1234 | Very short sequences are a hacker’s dream |
1q2w3e4r5t | Keyboard patterns are not secure |
qwertyuiop | Another keyboard pattern that’s easily guessed |
123 | Incredibly short and easy to crack |
monkey | Using a common word is not safe |
dragon | Another common word that’s easily guessed |
123456a | Adding a letter to a sequence doesn’t help much |
654321 | Reverse sequential numbers are still bad |
123321 | Palindromic sequences are not secure |
666666 | Repeating a short number sequence is terrible |
1qaz2wsx | Keyboard patterns strike again |
myspace1 | Using a website name with a number is not smart |
121212 | Repeating pairs of numbers is easily guessed |
123qwe | Mixing numbers and a short keyboard pattern is bad |
a123456 | Starting with a letter followed by numbers is common |
123abc | Mixing numbers and alphabet is still not enough |
1q2w3e4r | Another keyboard pattern that’s easily cracked |
qwe123 | Short keyboard pattern with numbers is not secure |
7777777 | Repeating the same number is a terrible idea |
qwerty123 | Keyboard pattern with numbers is still bad |
target123 | Using a common word with numbers is not safe |
tinkle | Using a silly word doesn’t make it secure |
987654321 | Reverse sequential numbers are just as bad |
qwerty1 | Adding a “1” to a keyboard pattern doesn’t help |
222222 | Repeating the same number is never good |
zxcvbnm | Another keyboard pattern that’s easily guessed |
1g2w3e4r | Slight variation on a keyboard pattern is still bad |
gwerty | Misspelling a keyboard pattern doesn’t make it secure |
zag12wsx | Keyboard pattern with slight variation is terrible |
gwerty123 | Misspelled keyboard pattern with numbers is bad |
555555 | Repeating the same number is always a bad idea |
fu**you | Using a swear word is not clever or secure |
112233 | Sequential pairs of numbers are easily guessed |
asdfghjkl | Yet another keyboard pattern that’s not secure |
1q2w3e | Short keyboard pattern is a hacker’s dream |
123123123 | Repeating a short sequence is terrible |
qazwsx | Another keyboard pattern that’s easily cracked |
computer | Using a common word is never a good idea |
princess | Another common word that’s easily guessed |
12345a | Adding a letter to sequential numbers doesn’t help |
ashley | Using a common name is not secure |
159753 | Random-looking numbers are still not safe |
michael | Another common name that’s easily guessed |
football | Using a popular sport is a bad idea |
sunshine | Common words are not secure, no matter how nice |
1234qwer | Mixing sequential numbers and a keyboard pattern is bad |
iloveyou1 | Adding a “1” to a common phrase doesn’t help |
aaaaaa | Repeating the same letter is incredibly easy to guess |
fuckyou1 | Adding a “1” to a swear word doesn’t make it better |
789456123 | Sequential numbers in a different order are still bad |
daniel | Another common name that’s not secure |
777777 | Repeating the same number is never a good idea |
princess1 | Adding a “1” to a common word doesn’t make it safe |
123654 | Sequential numbers in a different order are still bad |
11111 | Repeating the same number is always terrible |
asdfgh | A short keyboard pattern is not secure |
999999 | Repeating the same number is a hacker’s dream |
11111111 | Longer repeating numbers are still terrible |
passer2009 | Using a common word with a year is not safe |
888888 | Repeating the same number is never good |
love | Using a common word is not secure |
abcd1234 | Mixing alphabet and sequential numbers is bad |
shadow | Another common word that’s easily guessed |
football1 | Adding a “1” to a popular sport doesn’t help |
love123 | Mixing a common word with numbers is not safe |
superman | Using a superhero name is not secure |
jordan23 | Using a celebrity name with numbers is bad |
jessica | Another common name that’s easily guessed |
monkey1 | Adding a “1” to a common word doesn’t make it better |
12qwaszx | Keyboard pattern with slight variation is terrible |
a12345 | Starting with a letter followed by sequential numbers is bad |
baseball | Another popular sport that’s not secure |
123456789a | Adding a letter to sequential numbers doesn’t help much |
killer | Using a threatening word is not clever or secure |
asdf | A very short keyboard pattern is incredibly easy to guess |
samsung | Using a brand name is not a good idea |
master | Another common word that’s easily guessed |
azerty | A different keyboard layout pattern is still not secure |
charlie | Another common name that’s easily cracked |
asd123 | Mixing a short keyboard pattern with numbers is bad |
soccer | Yet another popular sport that’s not secure |
FQRG7CS493 | Even a random-looking combination can be guessed |
88888888 | Repeating the same number is never a good idea |
jordan | Another celebrity name that’s easily guessed |
michael1 | Adding a “1” to a common name doesn’t make it safe |
Whew! What a list. I don’t know whether to laugh or cry. But using weak passwords is no laughing matter.
Why It Matters
Now, you might be thinking, “Who cares if my password is weak? I’ve got nothing to hide!” Well, think again. Weak passwords make it easy for hackers to:
- Steal your identity
- Access your email and social media accounts
- Make purchases with your saved payment info
- Gain a foothold to infiltrate your employer’s network
- Lock you out of your own accounts!
According to the Verizon Data Breach Investigations Report, 81% of hacking-related breaches leveraged either stolen and/or weak passwords.
Moreover, the Cost of a Data Breach Report by IBM Security found that the global average cost of a data breach reached $4.45 million in 2023, a 2.3% increase from 2022.
Trust me, you don’t want to learn this the hard way. Taking a few minutes now to strengthen your passwords can save you from major headaches (and heartaches) down the road.
Common Hacking Techniques
So, how exactly do hackers exploit weak passwords? Let’s look at a few common techniques:
- Dictionary Attacks: Just like it sounds, hackers use software that rapidly tries every word in the dictionary (plus common variations) as your password. If your password is a simple word or phrase, it’s toast.
- Password Spraying: Hackers take a list of super common passwords (like the ones above) and “spray” them at hundreds or thousands of accounts, hoping to get lucky. It’s a numbers game, and weak passwords make it easy to win.
- Credential Stuffing: Remember all those big data breaches you’ve heard about? (More on those in a sec.) Well, hackers take huge lists of leaked usernames and passwords and try them on other sites, betting that people reuse passwords. Spoiler alert: they do.
- Social Engineering: Sometimes, hackers don’t even need to guess. They might send you a phishing email, posing as your bank or a coworker, tricking you into revealing your password. Or they might scour your social media for clues (birthdays, pet names, etc.) to guess your password.
Scared yet? Don’t be. Just be smart with your passwords!
Lessons from Data Breaches
You’ve probably heard about major data breaches at companies like Yahoo, LinkedIn, Adobe, and others. Millions of usernames and passwords, suddenly out in the open. Yikes.
- The Yahoo data breach, which occurred in 2013-2014 and was disclosed in 2016, impacted 3 billion user accounts
- The First American Corporation data leak in 2019 exposed approximately 885 million sensitive records, including Social Security numbers, driver’s license images, and bank account details.
- In the 2012 LinkedIn data breach, 117 million user passwords were compromised and later resurfaced on the dark web in 2016.
But these breaches are a goldmine for hackers and a hard lesson for the rest of us.
Security researchers analyze these password dumps and find the same weak, overused passwords popping up again and again.
Websites like Have I Been Pwned and Dehashed let you check if your info has been compromised in a known breach.
Trust me, it’s worth a look. (And if you find your password on one of these sites, change it EVERYWHERE you’ve used it!)
Crafting Strong Passwords
Here’s the deal everyone – you’re the first line of defense in protecting your own information online.
So PLEASE, for the love of all things cyber, use strong, unique passwords!
So, what makes a password strong? A good password should be:
- Mix it up: Use a blend of uppercase, lowercase, numbers, and symbols.
- Go long: 12 characters minimum. 20+ is even better! The National Institute of Standards and Technology (NIST) recommends using passwords that are at least 8 characters long, and up to 64 characters long
- Stay random: Avoid dictionary words, personal info, or anything guessable.
- Different sites, different passwords: NEVER reuse! Every account needs its own.
- Enable two-factor authentication: That second layer of security can be a lifesaver.
- Consider a password manager: Securely store and generate strong passwords for you. A survey by Security.org found that only 34% of Americans use a password manage.
One great technique is to use a passphrase – a string of 4+ random words.
Passphrases are long enough to be secure but much easier to remember than a gibberish mix of characters.
Here’s my personal favorite way to make a strong password – a method I’ve been using for years:
Take a phrase you’ll remember, like “I love to read Binod’s PC tips!”, and turn it into an acronym with some numbers and symbols mixed in, like this:
ILtRB’sT#t20!
It’s long, complex, and easy to remember.
But wait, we can make it even stronger! Let’s kick it up a notch by adding a few more symbols and swapping out some letters for numbers:
!Lt8B’$PCt!p$20*
Now we’ve got a password that’s practically uncrackable! Here’s why:
- It’s even longer – 17 characters is a hacker’s nightmare.
- We’ve added more symbols and numbers, making it extra complex.
- By swapping out some letters for visually similar numbers (like “B” for “8”), we’ve made it harder for password cracking algorithms to guess.
- But it’s still based on a memorable phrase, so you won’t forget it.
I’ve been using this method for years, and it’s never let me down. My passwords are always strong, unique, and easy for me to remember (but not for anyone else to guess!).
Of course, you don’t have to go quite this crazy with your passwords (though if you want to, go for it!).
The key is to start with a unique, personal phrase and mix in some complexity.
However, even with a password this strong, I still recommend using a password manager for maximum security.
Password managers can generate super-complex passwords for each of your accounts and store them securely, so you don’t have to remember them all.
All you have to remember is one “master password” to unlock the vault.
I was a LastPass user for a long time, but recently switched to the self-hosted version of Bitwarden.
I love that it gives me total control over my password vault and lets me access my passwords from anywhere, on any device.
How We Collected the Most Common Passwords
To compile this list of the 100 most common passwords, we scoured data breach records, security surveys, and public password dumps.
Time and time again, the same terrible passwords showed up among millions of exposed credentials.
The “Have I Been Pwned” website, maintained by cybersecurity expert Troy Hunt, has collected over 13 billion compromised accounts from various data breaches.
But here’s the scary part – if your password is on this list, it’s not just common… it’s compromised.
Hackers have huge lists of these common passwords and can crack accounts using them in minutes.
Found This Helpful?
Did you find any of your passwords on the “100 worst” list? (No need to tell me which ones! 😅)
If you spot any of your passwords here, change them immediately. And spread the word to your friends and family.
Did you find this password security guide useful? I’d love to hear your thoughts!
What was the most eye-opening part for you? Is there anything you’d like me to explain in more detail?
Your feedback helps me create better content to keep you and your accounts safe.
So don’t be shy – hit me with your questions, comments, and suggestions below!
Great information and I do need to update all my passwords but I probably have 50 or more so could I use your phrase idea for all of them? I’m 77 and can barely remember what day it is! I checked Bitwsrden but they show no free services. Only $4 and $6 per month. Thanks so much.
I feel that you did a fantastic job in telling about passwords. It made me do some searching.
Very useful information thank you . Will use more characters and numbers from now on.
Great tips I read them everyday and act on your defender advice on a new Inspiron laptop. But I have an issue, can I seem to have forgotten my master password in Bit warden, is there any way to recover it?
Eddk, Unfortunately, Bitwarden doesn't store your master password anywhere. It's a security feature, but it means they can't look it up or reset it for you. You can read more about it here: https://bitwarden.com/help/forgot-master-password/ You might have a backup or exported vault data. The exported file will have all your logins, so you could import that into a fresh Bitwarden install with a new master password. Check your other password managers or dig through old notes - maybe Past You jotted it down somewhere. If it's well and truly gone, you'll need to reset each password stored in Bitwarden one by one. For the future - because this could happen to anyone - pick a master password you can remember but is still secure. And definitely keep backups.
All very helpful info. Thanks.
Your information has been so worthwhile; in checking my passwords against the test to see if they are likely to be compromised, it would take several billion years to hack. (smile). For an old woman, I guess I'm sorta smart!
Way to go, Nancy! With passwords that strong, you're giving those hackers a run for their money.
How safe are password managers and which ones do you recommend? Thanks
Password managers are extremely safe. They use strong encryption to protect your data, even if the company gets hacked. For most folks, I highly recommend Bitwarden. It's secure, open source, easy to use, and has a great free tier. I use the self-hosted version, so my data is completely under my control. And it's free! If you prefer a non-cloud option, KeePassXC is a solid choice. Free and open-source, it stores your vault locally. The main downside? No official mobile app, so it's not as handy when you're out and about.
Karen, I see what happened - you only checked the Business tab on Bitwarden's site. No worries though, they definitely have a free plan! Just click on the "Personal" tab instead of "Business" and you'll see their Free tier right there. That free version should cover everything you need. And yes, you can definitely use Bitwarden to generate strong passphrases and store 'em for all your accounts. For extra credit, check out my other article on "creating strong passwords"