A new report by password management service, NordPass, working with independent researchers has revealed that use of numbers between 1 and 9 on the keyboard is the most commonly used passwords in the world.
The researchers compiled millions of passwords into a dataset to determine the 200 most commonly used passwords around the world in 2021, and it showed apart from the words “qwerty” and “password” which came third and fourth, all the other passwords in the top ten were numbers between 1 and 9.
They analyzed the data and presented results across 50 countries (excluding Ghana), looking at how popular various choices were in different parts of the world. They also looked at password trends by gender.
Per the report, “123456” came tops as it is used by an whopping 103,170,552 people, followed by “123456789” with 46,027,530 users globally. Of the top 200, the least used password was “angel1”, which had 15,786 hits.
Find the top 10 below:
|1||123456||103 170 552|
|2||123456789||46 027 530|
|3||12345||32 955 431|
|4||qwerty||22 317 280|
|5||password||20 958 297|
|6||12345678||14 745 771|
|7||111111||13 354 149|
|8||123123||10 244 398|
|9||1234567890||9 646 621|
|10||1234567||9 396 813|
Cultural and Religious Preference
The findings also show password choices are often attached to cultural references. For example, people across several countries take inspiration from their favourite football team. In the UK, for instance, “liverpool” was the third most popular password, with 224,160 hits, while the name of Chilean football club “colocolo” was used by 15,748 people in Chile, making it the fifth most common choice.
In some countries, passwords relating to religion were popular. For example, “christ” was the 19th most common password used in Nigeria, used 7,169 times. Meanwhile, “bismillah”, an Arabic phrase meaning in the name of Allah, was used by 1,599 people in Saudi Arabia – the 30th most common choice.
The report also reflected differences between genders. Women tend to use more positive and affectionate words and phrases such as “sunshine” or “iloveyou”, while men often use sports-related passwords. In some countries, men use more swear words than women.
While music-themed passwords were popular across both genders, choices like “onedirection” or “justinbieber” were more popular among women, whereas men favoured bands such as “metallica” and “slipknot”.
Passwords remain the main authentication mechanism for computers and network-based products and services. But NordPass found that people continue to choose weak passwords and often don’t manage them securely, leaving themselves vulnerable to online security threats.
Weak passwords are easy to guess and can be cracked with minimal difficulty by attackers using brute-force methods – trying all letter, number and symbol combinations to find a match.
Attackers also often use dictionary attack to decode weak passwords. Dictionary attack is a systematic method attackers use to guess a password, trying many common words and variations of of those words.
2FA and MFA
To overcome the security issues associated with password-based authentication systems, researchers and developers are now creating authentication systems which don’t rely on passwords at all.
In the meantime, two-factor authentication (2FA) or multifactor authentication (MFA) methods are a good way to secure online accounts. These methods combine a password with biometrics information (for example, a face scan or fingerprint) or something you have, like a token.
One can also create a password that’s both strong and memorable by combining three random words. Machine-generated passwords are also difficult to guess and less likely to appear in password dictionaries used by attackers.
But of course, all of this is easier said than done. One of the challenges we face in today’s digital age is password overload. And it can be difficult to remember complex passwords, particularly machine-generated ones.
So it’s a good idea to use a reliable password manager for this purpose. Relying on your Web browser to remember your passwords is less secure – it’s possible attackers can exploit vulnerabilities in the browser to access stored passwords.
NordPass’ findings, although not published in a peer-reviewed journal, align with what we know from similar lists published elsewhere – that the most popular passwords are weak.
Hopefully, if you see one of your passwords on this list, it will be impetus to change it to something stronger. Ethical hackers – people who work to prevent computers and networks from being hacked – could also use these insights for good. On the other hand, we have to acknowledge the possibility that hackers could use this information to target password attacks. This should be all the more reason to strengthen your passwords.