Is Your Password on This “100 Common” List? Find Out Now!

If you’re using any of these passwords, it’s time to change ’em up ASAP!

In my last article about password safety, I exposed 20 most common blunders but today, we’re taking a step further by unveiling the most common passwords.

Look, we’ve all been there. You need to create a password for yet another online account and your mind just blanks.

It’s tempting to go with something easy to remember like “123456” or “password“.

But resist that urge! Those kinds of passwords are an open invitation to hackers.

To drive home the point, here are the 100 worst passwords you could possibly choose.

I’m talking the most common, easily guessed, downright terrible passwords that you should avoid like the plague.

Ready? Let’s dive in!

The Hall of Shame: Top 10 Most Common Passwords

1. 123456
2. 123456789
3. qwerty
4. password
5. 111111
6. 12345678
7. abc123
8. 1234567
9. password1
10. 12345

Yikes! If any of your passwords are on this list, change them immediately! These are the first ones hackers will guess.

But the problems don’t stop there. Other common (read: terrible) passwords include:

• Birthdays and years (e.g. Johan1990)
• Default passwords (e.g. admin, guest)
• Common names (e.g. michael, jennifer)
• Simple keyboard patterns (e.g. qazwsx, 1q2w3e)
• Favorite sports, teams and athletes
• Pop culture references and fictional characters

Hackers have tools that can rapidly guess thousands of these common passwords. If yours is on the list, your account could be compromised in seconds. Scary stuff!

So, without further ado, here are the 100 most frequently used passwords, along with why they’re so awful:

100 Most Common Passwords

Password	Why It’s Terrible
123456	Sequential numbers are easy to guess
123456789	Adding more sequential numbers doesn’t help
qwerty	Keyboard pattern is a common hacker target
password	The most obvious password choice
111111	Repeating numbers are a no-go
12345678	More sequential numbers, still terrible
abc123	Mixing alphabet and numbers is not enough
1234567	Yet another sequential number password
password1	Adding a “1” doesn’t make it secure
12345	Even shorter sequential numbers are worse
1234567890	The longer the sequence, the easier to guess
123123	Repeating a short sequence is not clever
000000	All zeros? Really?
iloveyou	Too common and easy to guess
1234	Very short sequences are a hacker’s dream
1q2w3e4r5t	Keyboard patterns are not secure
qwertyuiop	Another keyboard pattern that’s easily guessed
123	Incredibly short and easy to crack
monkey	Using a common word is not safe
dragon	Another common word that’s easily guessed
123456a	Adding a letter to a sequence doesn’t help much
654321	Reverse sequential numbers are still bad
123321	Palindromic sequences are not secure
666666	Repeating a short number sequence is terrible
1qaz2wsx	Keyboard patterns strike again
myspace1	Using a website name with a number is not smart
121212	Repeating pairs of numbers is easily guessed
123qwe	Mixing numbers and a short keyboard pattern is bad
a123456	Starting with a letter followed by numbers is common
123abc	Mixing numbers and alphabet is still not enough
1q2w3e4r	Another keyboard pattern that’s easily cracked
qwe123	Short keyboard pattern with numbers is not secure
7777777	Repeating the same number is a terrible idea
qwerty123	Keyboard pattern with numbers is still bad
target123	Using a common word with numbers is not safe
tinkle	Using a silly word doesn’t make it secure
987654321	Reverse sequential numbers are just as bad
qwerty1	Adding a “1” to a keyboard pattern doesn’t help
222222	Repeating the same number is never good
zxcvbnm	Another keyboard pattern that’s easily guessed
1g2w3e4r	Slight variation on a keyboard pattern is still bad
gwerty	Misspelling a keyboard pattern doesn’t make it secure
zag12wsx	Keyboard pattern with slight variation is terrible
gwerty123	Misspelled keyboard pattern with numbers is bad
555555	Repeating the same number is always a bad idea
fuckyou	Using a swear word is not clever or secure
112233	Sequential pairs of numbers are easily guessed
asdfghjkl	Yet another keyboard pattern that’s not secure
1q2w3e	Short keyboard pattern is a hacker’s dream
123123123	Repeating a short sequence is terrible
qazwsx	Another keyboard pattern that’s easily cracked
computer	Using a common word is never a good idea
princess	Another common word that’s easily guessed
12345a	Adding a letter to sequential numbers doesn’t help
ashley	Using a common name is not secure
159753	Random-looking numbers are still not safe
michael	Another common name that’s easily guessed
football	Using a popular sport is a bad idea
sunshine	Common words are not secure, no matter how nice
1234qwer	Mixing sequential numbers and a keyboard pattern is bad
iloveyou1	Adding a “1” to a common phrase doesn’t help
aaaaaa	Repeating the same letter is incredibly easy to guess
fuckyou1	Adding a “1” to a swear word doesn’t make it better
789456123	Sequential numbers in a different order are still bad
daniel	Another common name that’s not secure
777777	Repeating the same number is never a good idea
princess1	Adding a “1” to a common word doesn’t make it safe
123654	Sequential numbers in a different order are still bad
11111	Repeating the same number is always terrible
asdfgh	A short keyboard pattern is not secure
999999	Repeating the same number is a hacker’s dream
11111111	Longer repeating numbers are still terrible
passer2009	Using a common word with a year is not safe
888888	Repeating the same number is never good
love	Using a common word is not secure
abcd1234	Mixing alphabet and sequential numbers is bad
shadow	Another common word that’s easily guessed
football1	Adding a “1” to a popular sport doesn’t help
love123	Mixing a common word with numbers is not safe
superman	Using a superhero name is not secure
jordan23	Using a celebrity name with numbers is bad
jessica	Another common name that’s easily guessed
monkey1	Adding a “1” to a common word doesn’t make it better
12qwaszx	Keyboard pattern with slight variation is terrible
a12345	Starting with a letter followed by sequential numbers is bad
baseball	Another popular sport that’s not secure
123456789a	Adding a letter to sequential numbers doesn’t help much
killer	Using a threatening word is not clever or secure
asdf	A very short keyboard pattern is incredibly easy to guess
samsung	Using a brand name is not a good idea
master	Another common word that’s easily guessed
azerty	A different keyboard layout pattern is still not secure
charlie	Another common name that’s easily cracked
asd123	Mixing a short keyboard pattern with numbers is bad
soccer	Yet another popular sport that’s not secure
FQRG7CS493	Even a random-looking combination can be guessed
88888888	Repeating the same number is never a good idea
jordan	Another celebrity name that’s easily guessed
michael1	Adding a “1” to a common name doesn’t make it safe

Whew! What a list. I don’t know whether to laugh or cry. But using weak passwords is no laughing matter.

Why It Matters

Now, you might be thinking, “Who cares if my password is weak? I’ve got nothing to hide!” Well, think again. Weak passwords make it easy for hackers to:

• Steal your identity
• Access your email and social media accounts
• Make purchases with your saved payment info
• Gain a foothold to infiltrate your employer’s network
• Lock you out of your own accounts!

According to the Verizon Data Breach Investigations Report, 81% of hacking-related breaches leveraged either stolen and/or weak passwords.

Moreover, the Cost of a Data Breach Report by IBM Security found that the global average cost of a data breach reached $4.45 million in 2023, a 2.3% increase from 2022.

Trust me, you don’t want to learn this the hard way. Taking a few minutes now to strengthen your passwords can save you from major headaches (and heartaches) down the road.

Common Hacking Techniques

So, how exactly do hackers exploit weak passwords? Let’s look at a few common techniques:

1. Dictionary Attacks: Just like it sounds, hackers use software that rapidly tries every word in the dictionary (plus common variations) as your password. If your password is a simple word or phrase, it’s toast.
2. Password Spraying: Hackers take a list of super common passwords (like the ones above) and “spray” them at hundreds or thousands of accounts, hoping to get lucky. It’s a numbers game, and weak passwords make it easy to win.
3. Credential Stuffing: Remember all those big data breaches you’ve heard about? (More on those in a sec.) Well, hackers take huge lists of leaked usernames and passwords and try them on other sites, betting that people reuse passwords. Spoiler alert: they do.
4. Social Engineering: Sometimes, hackers don’t even need to guess. They might send you a phishing email, posing as your bank or a coworker, tricking you into revealing your password. Or they might scour your social media for clues (birthdays, pet names, etc.) to guess your password.

Scared yet? Don’t be. Just be smart with your passwords!

Lessons from Data Breaches

You’ve probably heard about major data breaches at companies like Yahoo, LinkedIn, Adobe, and others. Millions of usernames and passwords, suddenly out in the open. Yikes.

• The Yahoo data breach, which occurred in 2013-2014 and was disclosed in 2016, impacted 3 billion user accounts
• The First American Corporation data leak in 2019 exposed approximately 885 million sensitive records, including Social Security numbers, driver’s license images, and bank account details.
• In the 2012 LinkedIn data breach, 117 million user passwords were compromised and later resurfaced on the dark web in 2016.

But these breaches are a goldmine for hackers and a hard lesson for the rest of us.

Security researchers analyze these password dumps and find the same weak, overused passwords popping up again and again.

Websites like Have I Been Pwned and Dehashed let you check if your info has been compromised in a known breach.

Trust me, it’s worth a look. (And if you find your password on one of these sites, change it EVERYWHERE you’ve used it!)

Crafting Strong Passwords

Here’s the deal everyone – you’re the first line of defense in protecting your own information online.

So PLEASE, for the love of all things cyber, use strong, unique passwords!

So, what makes a password strong? A good password should be:

• Mix it up: Use a blend of uppercase, lowercase, numbers, and symbols.
• Go long: 12 characters minimum. 20+ is even better! The National Institute of Standards and Technology (NIST) recommends using passwords that are at least 8 characters long, and up to 64 characters long
• Stay random: Avoid dictionary words, personal info, or anything guessable.
• Different sites, different passwords: NEVER reuse! Every account needs its own.
• Enable two-factor authentication: That second layer of security can be a lifesaver.
• Consider a password manager: Securely store and generate strong passwords for you. A survey by Security.org found that only 34% of Americans use a password manage.

One great technique is to use a passphrase – a string of 4+ random words.

Passphrases are long enough to be secure but much easier to remember than a gibberish mix of characters.

Here’s my personal favorite way to make a strong password – a method I’ve been using for years:

Take a phrase you’ll remember, like “I love to read Binod’s PC tips!”, and turn it into an acronym with some numbers and symbols mixed in, like this:

ILtRB’sT#t20!

It’s long, complex, and easy to remember.

But wait, we can make it even stronger! Let’s kick it up a notch by adding a few more symbols and swapping out some letters for numbers:

!Lt8B’$PCt!p$20*

Now we’ve got a password that’s practically uncrackable! Here’s why:

1. It’s even longer – 17 characters is a hacker’s nightmare.
2. We’ve added more symbols and numbers, making it extra complex.
3. By swapping out some letters for visually similar numbers (like “B” for “8”), we’ve made it harder for password cracking algorithms to guess.
4. But it’s still based on a memorable phrase, so you won’t forget it.

I’ve been using this method for years, and it’s never let me down. My passwords are always strong, unique, and easy for me to remember (but not for anyone else to guess!).

Of course, you don’t have to go quite this crazy with your passwords (though if you want to, go for it!).

The key is to start with a unique, personal phrase and mix in some complexity.

However, even with a password this strong, I still recommend using a password manager for maximum security.

Password managers can generate super-complex passwords for each of your accounts and store them securely, so you don’t have to remember them all.

All you have to remember is one “master password” to unlock the vault.

I was a LastPass user for a long time, but recently switched to the self-hosted version of Bitwarden.

I love that it gives me total control over my password vault and lets me access my passwords from anywhere, on any device.

How We Collected the Most Common Passwords

To compile this list of the 100 most common passwords, we scoured data breach records, security surveys, and public password dumps.

Time and time again, the same terrible passwords showed up among millions of exposed credentials.

The “Have I Been Pwned” website, maintained by cybersecurity expert Troy Hunt, has collected over 13 billion compromised accounts from various data breaches.

But here’s the scary part – if your password is on this list, it’s not just common… it’s compromised.

Hackers have huge lists of these common passwords and can crack accounts using them in minutes.

Found This Helpful?

Did you find any of your passwords on the “100 worst” list? (No need to tell me which ones! 😅)

If you spot any of your passwords here, change them immediately. And spread the word to your friends and family.

Did you find this password security guide useful? I’d love to hear your thoughts!

What was the most eye-opening part for you? Is there anything you’d like me to explain in more detail?

Your feedback helps me create better content to keep you and your accounts safe.

So don’t be shy – hit me with your questions, comments, and suggestions below!