Most Common Passwords (And Why You Shouldn’t Be Using These)

Passwords. The bane of our existence for some (remembering them, that is) and an afterthought for others. We’re here to tell you that passwords matter. If you don’t think they do, go ahead and set your password to 12345 and see what happens (spoiler alert: it won’t be good).

There is a rhyme and a reason to why you may be at higher risk of a data breach (either personally or as a business). If you’re using some of the most common passwords, you’re going to want to reevaluate your password selection strategy. Here’s our analysis of the most common passwords and why you shouldn’t be using them.

The most common passwords used all contain easy-to-guess number combinations (e.g., 12345) as well as a combo of five consecutive numbers (e.g., 22222). Another potentially obvious one that was used by 830,000 people last year is the actual word “password” (yes, we’re serious).

Remember when we mentioned the chore of remembering your passwords in the beginning? Most individuals would rather use a common password than try to remember a complicated one. Furthermore, people are more likely to use the same password for all of their accounts than to have different variations. All of this increases your risk of a data breach. Hackers are expecting (and hoping) that you’ll do this.

Here are the top 20 Most Common Passwords (via NordPass)

  1. 12345
  2. 123456
  3. 123456789
  4. test1
  5. password
  6. 12345678
  7. zinch
  8. g_czechout
  9. asdf
  10. qwerty
  11. 1234567890
  12. 1234567
  13. Aa123456.
  14. iloveyou
  15. 1234
  16. abc123
  17. 111111
  18. 123123
  19. dubsmash
  20. test
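A password-change form can refuse these choices before they are ever set. The sketch below is an added example, not code from PK Tech or NordPass: it checks a candidate against the 20 passwords listed above and also catches the patterns behind them (counting runs, keyboard rows, one short unit repeated). `ROWS`, `MIN_LENGTH` and the function names are assumptions made for the example.

```python
# Added example: screen a candidate password at signup or password change.
# COMMON is the top-20 list quoted on this page, lowercased; a real
# deployment would load a far larger breached-password list (assumption).
COMMON = {
    "12345", "123456", "123456789", "test1", "password", "12345678",
    "zinch", "g_czechout", "asdf", "qwerty", "1234567890", "1234567",
    "aa123456.", "iloveyou", "1234", "abc123", "111111", "123123",
    "dubsmash", "test",
}
# Rows used to spot counting runs and keyboard walks (constructed here).
ROWS = ["01234567890", "abcdefghijklmnopqrstuvwxyz",
        "qwertyuiop", "asdfghjkl", "zxcvbnm"]
MIN_LENGTH = 12  # hypothetical policy value, not taken from the page


def is_walk(pw: str) -> bool:
    """True if pw is a single run along one row, in either direction."""
    return len(pw) >= 3 and any(pw in row or pw[::-1] in row for row in ROWS)


def is_repeated_unit(pw: str) -> bool:
    """True if pw is one short unit repeated end to end (22222, 123123)."""
    n = len(pw)
    return any(n % k == 0 and pw == pw[:k] * (n // k)
               for k in range(1, n // 2 + 1))


def screen(password: str) -> list[str]:
    """Return the reasons for rejection; an empty list means accepted."""
    pw = password.lower()  # compare case-insensitively
    reasons = []
    if pw in COMMON:
        reasons.append("on the common-password list")
    if is_walk(pw):
        reasons.append("keyboard or counting sequence")
    if is_repeated_unit(pw):
        reasons.append("one short pattern repeated")
    if len(password) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ["22222", "Aa123456.", "qwerty", "copper-lantern-orbit-47"]:
        print(f"{candidate!r}: {screen(candidate) or 'accepted'}")
```

Returning every reason, rather than stopping at the first, lets the form tell the user exactly what to change.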

So how do you make your passwords more secure? 

Great question. We’re glad you asked! We like to call this password hygiene. Take good care of your passwords and your passwords will take good care of you.

  1. Use different passwords on every website. It may sound like a pain, but see the tip below on how to make this easy.
  2. Utilize a password manager with internet browser integration. See our blog here for recommendations. 
  3. Utilize MFA whenever possible. MFA (multi-factor authentication) adds an extra layer of security and verification protection. You should use MFA 100% of the time on your primary personal email address! 
  4. Use passphrases or the long, automatically generated passwords from a password manager rather than dictionary words.
  5. For your sensitive accounts, have a sense of what the correct domain name (the address at the top of your browser) is and what the login page looks like. Malicious actors will send you phishing emails that link to pages that look familiar (e.g., BankOne) but are in fact knockoffs. They are trying to get you to enter your username and password into a form that they capture and will sell to the highest bidder. If you look at the address bar, layout, etc., it will be different. Delete that email or report it to IT, and do not log in.

If you have additional questions about choosing the best passwords for personal or business use, or if you’re interested in getting a quote for PK Tech services, we’re here to help answer any questions and provide more information. To contact PK Tech, click here.

About PK Tech