Worst passwords of 2024 prove we still suck at digital security

NordPass has released its sixth annual study on the 200 most common passwords in the world. Unfortunately, it seems as though the sixth time is still not the charm, with the list still topped by many of the same easily-cracked suspects as last year.

“After analyzing 6 years’ worth of data, we can say there hasn’t been much improvement in people’s password habits,” wrote NordPass. It’s easy to imagine an air of resignation surrounding that statement.

This year NordPass’ study was conducted in collaboration with NordStellar, and used a 2.5TB database of information gathered from publicly available resources — including some found on the dark web. Passwords used had been exposed via malware or in data leaks, with the complete study using information from people across 44 countries.

According to NordPass’ research, 2024’s top 10 most used passwords globally are:

1. 123456

2. 123456789

3. 12345678

4. password

5. qwerty123

6. qwerty1

7. 111111

8. 12345

9. secret

10. 123123

NordPass estimates that it would take a hacker less than one second to crack each of these passwords. This is the fifth year that “123456” has topped the list, having only been beaten out once since NordPass began its annual study.

The list looks slightly different when strictly looking at passwords for U.S. accounts, though there’s still a lot of overlap. While the global list favours number-based passwords, presumably as they’re used across different languages, 2024’s 10 most popular passwords in the U.S. has more English-based entries:

1. secret

2. 123456

3. password

4. qwerty123

5. qwerty1

6. 123456789

7. password1

8. 12345678

9. 12345

10. abc123

These too would take less than a second to crack.

Corporate America’s most popular password is ‘password’

This year, NordPass also made a separate list of passwords used for corporate accounts. Most passwords used in the study were leaked alongside a corresponding email address, enabling NordPass to distinguish between work and personal accounts by looking at the domain name.

Sadly, it looks as though those hours of mandatory corporate privacy training we’ve all endured have borne little fruit, with people still using the same or similar weak passwords as they do in their private lives.

The 10 most popular passwords people used at work in 2024 are:

1. 123456 

2. 123456789

3. 12345678

4. secret

5. password

6. qwerty123

7. qwerty1

8. 111111

9. 123123

10. 1234567890

In the U.S. specifically, 2024’s most popular corporate passwords are:

1. password

2. 123456

3. qwerty123

4. qwerty1

5. aaron431

6. password1

7. welcome

8. 12345678

9. Password1

10. abc123

“aaron431” is an unusual outlier compared to its compatriots, having no blatantly obvious rhyme or reason. However, it has been recognised as a popular password in several industries for years. Some have speculated that “aaron431” is the default password for a widely used program, and that people just haven’t bothered changing it. NordPass estimates it would take about five minutes for a hacker to crack it.

If you’re guilty of using any of these popular passwords, now would be a good time to consider changing them and getting a password manager. Even if you don’t use any of the entries on these lists, a password manager will still go a long way in helping you keep your passwords strong and your data secure.