Is Your Password on This “100 Common” List? Find Out Now!

Written by Binod Bharati

Last Updated:

If you’re using any of these passwords, it’s time to change ’em up ASAP!

In my last article about password safety, I exposed 20 most common blunders but today, we’re taking a step further by unveiling the most common passwords.

Look, we’ve all been there. You need to create a password for yet another online account and your mind just blanks.

It’s tempting to go with something easy to remember like “123456” or “password“.

But resist that urge! Those kinds of passwords are an open invitation to hackers.

To drive home the point, here are the 100 worst passwords you could possibly choose.

I’m talking the most common, easily guessed, downright terrible passwords that you should avoid like the plague.

Ready? Let’s dive in!

The Hall of Shame: Top 10 Most Common Passwords

  1. 123456
  2. 123456789
  3. qwerty
  4. password
  5. 111111
  6. 12345678
  7. abc123
  8. 1234567
  9. password1
  10. 12345

Yikes! If any of your passwords are on this list, change them immediately! These are the first ones hackers will guess.

But the problems don’t stop there. Other common (read: terrible) passwords include:

  • Birthdays and years (e.g. Johan1990)
  • Default passwords (e.g. admin, guest)
  • Common names (e.g. michael, jennifer)
  • Simple keyboard patterns (e.g. qazwsx, 1q2w3e)
  • Favorite sports, teams and athletes
  • Pop culture references and fictional characters

Hackers have tools that can rapidly guess thousands of these common passwords. If yours is on the list, your account could be compromised in seconds. Scary stuff!

So, without further ado, here are the 100 most frequently used passwords, along with why they’re so awful:

100 Most Common Passwords

PasswordWhy It’s Terrible
123456Sequential numbers are easy to guess
123456789Adding more sequential numbers doesn’t help
qwertyKeyboard pattern is a common hacker target
passwordThe most obvious password choice
111111Repeating numbers are a no-go
12345678More sequential numbers, still terrible
abc123Mixing alphabet and numbers is not enough
1234567Yet another sequential number password
password1Adding a “1” doesn’t make it secure
12345Even shorter sequential numbers are worse
1234567890The longer the sequence, the easier to guess
123123Repeating a short sequence is not clever
000000All zeros? Really?
iloveyouToo common and easy to guess
1234Very short sequences are a hacker’s dream
1q2w3e4r5tKeyboard patterns are not secure
qwertyuiopAnother keyboard pattern that’s easily guessed
123Incredibly short and easy to crack
monkeyUsing a common word is not safe
dragonAnother common word that’s easily guessed
123456aAdding a letter to a sequence doesn’t help much
654321Reverse sequential numbers are still bad
123321Palindromic sequences are not secure
666666Repeating a short number sequence is terrible
1qaz2wsxKeyboard patterns strike again
myspace1Using a website name with a number is not smart
121212Repeating pairs of numbers is easily guessed
123qweMixing numbers and a short keyboard pattern is bad
a123456Starting with a letter followed by numbers is common
123abcMixing numbers and alphabet is still not enough
1q2w3e4rAnother keyboard pattern that’s easily cracked
qwe123Short keyboard pattern with numbers is not secure
7777777Repeating the same number is a terrible idea
qwerty123Keyboard pattern with numbers is still bad
target123Using a common word with numbers is not safe
tinkleUsing a silly word doesn’t make it secure
987654321Reverse sequential numbers are just as bad
qwerty1Adding a “1” to a keyboard pattern doesn’t help
222222Repeating the same number is never good
zxcvbnmAnother keyboard pattern that’s easily guessed
1g2w3e4rSlight variation on a keyboard pattern is still bad
gwertyMisspelling a keyboard pattern doesn’t make it secure
zag12wsxKeyboard pattern with slight variation is terrible
gwerty123Misspelled keyboard pattern with numbers is bad
555555Repeating the same number is always a bad idea
fu**youUsing a swear word is not clever or secure
112233Sequential pairs of numbers are easily guessed
asdfghjklYet another keyboard pattern that’s not secure
1q2w3eShort keyboard pattern is a hacker’s dream
123123123Repeating a short sequence is terrible
qazwsxAnother keyboard pattern that’s easily cracked
computerUsing a common word is never a good idea
princessAnother common word that’s easily guessed
12345aAdding a letter to sequential numbers doesn’t help
ashleyUsing a common name is not secure
159753Random-looking numbers are still not safe
michaelAnother common name that’s easily guessed
footballUsing a popular sport is a bad idea
sunshineCommon words are not secure, no matter how nice
1234qwerMixing sequential numbers and a keyboard pattern is bad
iloveyou1Adding a “1” to a common phrase doesn’t help
aaaaaaRepeating the same letter is incredibly easy to guess
fuckyou1Adding a “1” to a swear word doesn’t make it better
789456123Sequential numbers in a different order are still bad
danielAnother common name that’s not secure
777777Repeating the same number is never a good idea
princess1Adding a “1” to a common word doesn’t make it safe
123654Sequential numbers in a different order are still bad
11111Repeating the same number is always terrible
asdfghA short keyboard pattern is not secure
999999Repeating the same number is a hacker’s dream
11111111Longer repeating numbers are still terrible
passer2009Using a common word with a year is not safe
888888Repeating the same number is never good
loveUsing a common word is not secure
abcd1234Mixing alphabet and sequential numbers is bad
shadowAnother common word that’s easily guessed
football1Adding a “1” to a popular sport doesn’t help
love123Mixing a common word with numbers is not safe
supermanUsing a superhero name is not secure
jordan23Using a celebrity name with numbers is bad
jessicaAnother common name that’s easily guessed
monkey1Adding a “1” to a common word doesn’t make it better
12qwaszxKeyboard pattern with slight variation is terrible
a12345Starting with a letter followed by sequential numbers is bad
baseballAnother popular sport that’s not secure
123456789aAdding a letter to sequential numbers doesn’t help much
killerUsing a threatening word is not clever or secure
asdfA very short keyboard pattern is incredibly easy to guess
samsungUsing a brand name is not a good idea
masterAnother common word that’s easily guessed
azertyA different keyboard layout pattern is still not secure
charlieAnother common name that’s easily cracked
asd123Mixing a short keyboard pattern with numbers is bad
soccerYet another popular sport that’s not secure
FQRG7CS493Even a random-looking combination can be guessed
88888888Repeating the same number is never a good idea
jordanAnother celebrity name that’s easily guessed
michael1Adding a “1” to a common name doesn’t make it safe

Whew! What a list. I don’t know whether to laugh or cry. But using weak passwords is no laughing matter.

Why It Matters

Now, you might be thinking, “Who cares if my password is weak? I’ve got nothing to hide!” Well, think again. Weak passwords make it easy for hackers to:

  • Steal your identity
  • Access your email and social media accounts
  • Make purchases with your saved payment info
  • Gain a foothold to infiltrate your employer’s network
  • Lock you out of your own accounts!

According to the Verizon Data Breach Investigations Report, 81% of hacking-related breaches leveraged either stolen and/or weak passwords.

Moreover, the Cost of a Data Breach Report by IBM Security found that the global average cost of a data breach reached $4.45 million in 2023, a 2.3% increase from 2022.

Global Average

Trust me, you don’t want to learn this the hard way. Taking a few minutes now to strengthen your passwords can save you from major headaches (and heartaches) down the road.

Common Hacking Techniques

So, how exactly do hackers exploit weak passwords? Let’s look at a few common techniques:

  1. Dictionary Attacks: Just like it sounds, hackers use software that rapidly tries every word in the dictionary (plus common variations) as your password. If your password is a simple word or phrase, it’s toast.
  2. Password Spraying: Hackers take a list of super common passwords (like the ones above) and “spray” them at hundreds or thousands of accounts, hoping to get lucky. It’s a numbers game, and weak passwords make it easy to win.
  3. Credential Stuffing: Remember all those big data breaches you’ve heard about? (More on those in a sec.) Well, hackers take huge lists of leaked usernames and passwords and try them on other sites, betting that people reuse passwords. Spoiler alert: they do.
  4. Social Engineering: Sometimes, hackers don’t even need to guess. They might send you a phishing email, posing as your bank or a coworker, tricking you into revealing your password. Or they might scour your social media for clues (birthdays, pet names, etc.) to guess your password.

Scared yet? Don’t be. Just be smart with your passwords!

Lessons from Data Breaches

You’ve probably heard about major data breaches at companies like Yahoo, LinkedIn, Adobe, and others. Millions of usernames and passwords, suddenly out in the open. Yikes.

  • The Yahoo data breach, which occurred in 2013-2014 and was disclosed in 2016, impacted 3 billion user accounts
  • The First American Corporation data leak in 2019 exposed approximately 885 million sensitive records, including Social Security numbers, driver’s license images, and bank account details.
  • In the 2012 LinkedIn data breach, 117 million user passwords were compromised and later resurfaced on the dark web in 2016.

But these breaches are a goldmine for hackers and a hard lesson for the rest of us.

Security researchers analyze these password dumps and find the same weak, overused passwords popping up again and again.

Websites like Have I Been Pwned and Dehashed let you check if your info has been compromised in a known breach.

have i been pawned

Trust me, it’s worth a look. (And if you find your password on one of these sites, change it EVERYWHERE you’ve used it!)

Crafting Strong Passwords

Here’s the deal everyone – you’re the first line of defense in protecting your own information online.

So PLEASE, for the love of all things cyber, use strong, unique passwords!

So, what makes a password strong? A good password should be:

  • Mix it up: Use a blend of uppercase, lowercase, numbers, and symbols.
  • Go long: 12 characters minimum. 20+ is even better! The National Institute of Standards and Technology (NIST) recommends using passwords that are at least 8 characters long, and up to 64 characters long
  • Stay random: Avoid dictionary words, personal info, or anything guessable.
  • Different sites, different passwords: NEVER reuse! Every account needs its own.
  • Enable two-factor authentication: That second layer of security can be a lifesaver.
  • Consider a password manager: Securely store and generate strong passwords for you. A survey by Security.org found that only 34% of Americans use a password manage.

One great technique is to use a passphrase – a string of 4+ random words.

Passphrases are long enough to be secure but much easier to remember than a gibberish mix of characters.

Here’s my personal favorite way to make a strong password – a method I’ve been using for years:

Take a phrase you’ll remember, like “I love to read Binod’s PC tips!”, and turn it into an acronym with some numbers and symbols mixed in, like this:

ILtRB’sT#t20!

It’s long, complex, and easy to remember.

But wait, we can make it even stronger! Let’s kick it up a notch by adding a few more symbols and swapping out some letters for numbers:

!Lt8B’$PCt!p$20*

Now we’ve got a password that’s practically uncrackable! Here’s why:

  1. It’s even longer – 17 characters is a hacker’s nightmare.
  2. We’ve added more symbols and numbers, making it extra complex.
  3. By swapping out some letters for visually similar numbers (like “B” for “8”), we’ve made it harder for password cracking algorithms to guess.
  4. But it’s still based on a memorable phrase, so you won’t forget it.

I’ve been using this method for years, and it’s never let me down. My passwords are always strong, unique, and easy for me to remember (but not for anyone else to guess!).

Of course, you don’t have to go quite this crazy with your passwords (though if you want to, go for it!).

The key is to start with a unique, personal phrase and mix in some complexity.

However, even with a password this strong, I still recommend using a password manager for maximum security.

Password managers can generate super-complex passwords for each of your accounts and store them securely, so you don’t have to remember them all.

Password Generator

All you have to remember is one “master password” to unlock the vault.

I was a LastPass user for a long time, but recently switched to the self-hosted version of Bitwarden.

I love that it gives me total control over my password vault and lets me access my passwords from anywhere, on any device.

How We Collected the Most Common Passwords

To compile this list of the 100 most common passwords, we scoured data breach records, security surveys, and public password dumps.

Time and time again, the same terrible passwords showed up among millions of exposed credentials.

The “Have I Been Pwned” website, maintained by cybersecurity expert Troy Hunt, has collected over 13 billion compromised accounts from various data breaches.

But here’s the scary part – if your password is on this list, it’s not just common… it’s compromised.

Hackers have huge lists of these common passwords and can crack accounts using them in minutes.

Found This Helpful?

Did you find any of your passwords on the “100 worst” list? (No need to tell me which ones! 😅)

If you spot any of your passwords here, change them immediately. And spread the word to your friends and family.

Did you find this password security guide useful? I’d love to hear your thoughts!

What was the most eye-opening part for you? Is there anything you’d like me to explain in more detail?

Your feedback helps me create better content to keep you and your accounts safe.

So don’t be shy – hit me with your questions, comments, and suggestions below!

11 Comments

Karen

Great information and I do need to update all my passwords but I probably have 50 or more so could I use your phrase idea for all of them? I’m 77 and can barely remember what day it is! I checked Bitwsrden but they show no free services. Only $4 and $6 per month. Thanks so much.

Binod Bharati

Karen, I see what happened - you only checked the Business tab on Bitwarden's site. No worries though, they definitely have a free plan! Just click on the "Personal" tab instead of "Business" and you'll see their Free tier right there. That free version should cover everything you need. And yes, you can definitely use Bitwarden to generate strong passphrases and store 'em for all your accounts. For extra credit, check out my other article on "creating strong passwords"

Richard

I feel that you did a fantastic job in telling about passwords. It made me do some searching.

Danna

Very useful information thank you . Will use more characters and numbers from now on.

Eddk

Great tips I read them everyday and act on your defender advice on a new Inspiron laptop. But I have an issue, can I seem to have forgotten my master password in Bit warden, is there any way to recover it?

Binod Bharati

Eddk, Unfortunately, Bitwarden doesn't store your master password anywhere. It's a security feature, but it means they can't look it up or reset it for you. You can read more about it here: https://bitwarden.com/help/forgot-master-password/ You might have a backup or exported vault data. The exported file will have all your logins, so you could import that into a fresh Bitwarden install with a new master password. Check your other password managers or dig through old notes - maybe Past You jotted it down somewhere. If it's well and truly gone, you'll need to reset each password stored in Bitwarden one by one. For the future - because this could happen to anyone - pick a master password you can remember but is still secure. And definitely keep backups.

Carmel Teuma Vella

All very helpful info. Thanks.

Nancy

Your information has been so worthwhile; in checking my passwords against the test to see if they are likely to be compromised, it would take several billion years to hack. (smile). For an old woman, I guess I'm sorta smart!

Binod Bharati

Way to go, Nancy! With passwords that strong, you're giving those hackers a run for their money.

Jpan

How safe are password managers and which ones do you recommend? Thanks

Binod Bharati

Password managers are extremely safe. They use strong encryption to protect your data, even if the company gets hacked. For most folks, I highly recommend Bitwarden. It's secure, open source, easy to use, and has a great free tier. I use the self-hosted version, so my data is completely under my control. And it's free! If you prefer a non-cloud option, KeePassXC is a solid choice. Free and open-source, it stores your vault locally. The main downside? No official mobile app, so it's not as handy when you're out and about.

1600 characters left

ABOUT THE AUTHOR

Binod Bharati • Founder

Binod launched PCTips.com to share his 20+ years of experience in Computing, including hardware, Linux, networking, and security. He holds multiple certifications, including CompTIA A+, Network+, Security+, PenTest+, CySA+, and Linux+. Binod is passionate about helping readers make the most of their technology and computing experience.

Read more...