With large-scale security breaches more or less a permanent fixture of tech news, security practices among standard web users seem to be improving. But not very quickly, at least if NordPass’s yearly report on the most common passwords is to be believed. According to the data gathered, hundreds of millions of people still use passwords that can be cracked more or less instantly, with “123456” taking the number one spot yet again. Over a hundred million accounts were found to be using it for the barest minimum of non-security.
Other popular passwords include “qwerty” (22 million accounts), “111111” (13 million accounts), and the ever-creative “password” (just shy of 21 million accounts). Less obvious inclusions like “superman,” “baseball,” and “q1w2e3r4t5” are used by only a million accounts each, but Nord claims they can still be cracked in seconds. Among the top 200 most common passwords listed, “myspace1,” “1g2w3e4r”, “gwerty123”, and “michelle” were the hardest to crack, taking a relative eternity of three hours.
The rest of the report yields some interesting insights. Russia is number one with a bullet in terms of password leaks, with almost 20 passwords illegally accessed per resident. Most of the western world isn’t much better off. The US, Canada, and the UK are still towards the top of the chart, with 5.1, 3.6, and 2.8 leaks per capita, respectively. Nord says that swear words are often used as passwords, though there aren’t any naughty entries in the top 200 — whether that’s because they don’t feature or they’ve been edited out wasn’t mentioned.
The easiest way to protect your online accounts is to use a unique, complex password for each site and service. And the easiest way to do that is with a password manager. If you’re looking to start using one or want to shop around, check out PCWorld’s roundup of the best password manager options.