Easy to guess, hard to believe: America's most common passwords
Old habits die hard
by Shawn Knight · TechSpotServing tech enthusiasts for over 25 years.
TechSpot means tech analysis and advice you can trust.
Bottom line: Nothing in life is certain except death, taxes… and the use of poor passwords. NordPass has published its annual list of the most commonly used passwords and to the surprise of absolutely nobody, the situation is remains critical.
The most commonly used personal password in the US this year was "secret" followed by the venerable "123456" and stalwart "password." Two variants of the same string of characters – "qwerty123" and "qwerty1" – rounded out the top five. In every instance, a hacker would be able to brute force crack these common passwords in less than one second.
Corporate passwords must be a different story. Surely they are more secure than something the average Joe would use, right? Think again. In fact, they're mostly the same but in a slightly different order.
According to NordPass, the top corporate password in the US for 2024 was "password." Second through fourth place mirrored personal use passwords, but fifth place entry "aaron431" was different – and slightly more secure, taking about five minutes to crack. Other notable weaklings include "newpass," "123456789," "abc123," and "111111."
NordPass utilized a 2.5 TB database containing information from multiple public sources, including the dark web, for its report. Passwords in the database were either stolen using malware or exposed as part of a data leak, the company said.
Anyone that follows password security knows this is par for the course, and that poor password choice is an unfortunate reality. In fact, "123456" has taken the top spot in NordPass' annual rankings five of the last six times. It's clear that efforts to promote stronger password use have come up short – an alarming reality considering more of our lives are online now than ever before.
// Related Stories
- Hacked TP-Link routers at center of massive botnet used to attack Azure customers
- Mislabeled patch sends Windows Server 2022 admins on unwanted upgrade to 2025
NordPass shared a number of useful tips to help craft strong passwords, such as not recycling passwords across multiple sites or services and using a password manager. But let's be real, folks aren't going to heed the advice until after they become a victim.