
Billions of passwords for sale on the Dark Web – this one was used 7 million times

How tough are your passwords? Despite what you may think, the best password practices from 10 years ago won’t cut it today. If you share passwords across different websites, for example, it’s time to get busy changing them for the sake of your security.

The reason: An unprecedented wave of phishing and cybercrime is upon us, which makes stronger passwords an absolute must.

Creating a strong password isn’t too difficult. All you need is a clever combination of numbers and letters that is difficult to guess. But in spite of this, one of the most common passwords in the world doesn’t even bother following this format. It’s been used literally millions of times, and you won’t believe how obvious it is.

The results are in: Your password is terrible

A recent analysis of more than 1 billion leaked passwords revealed an uncomfortable truth: People continue to use (and reuse) poor passwords across the internet.

It’s all part of a new study by Turkish computer engineering student Ata Hakçıl, who analyzed leaked account credentials included in several major data breaches.

What he found was extraordinary: Out of the more than 1 billion accounts, under 169 million unique passwords existed. Not only that, but a much, much more concerning statistic also appeared upon further examination. Out of the unique passwords, more than 7 million happened to be “123456.” Yes, really!

If we break it down statistically, one out of every 142 passwords from the sample was “123456.” It has been the most commonly reused password on the web for the past half-decade, and this study only confirms how standard it has become for so many.

Beyond that startling discovery, the research revealed several other key findings that show just how much trouble our online accounts are in if we don’t make a change:

  • The most common 1,000 passwords cover 6.607% of all the passwords.
  • Average password length is around nine characters.
  • Only 12.04% of passwords contain special characters.
  • 28.79% of passwords only contain letters.
  • 26.16% of passwords only contain lowercase letters.
  • 13.37% of passwords only contain numbers.
  • 34.41% of all passwords end with numbers, but only 4.522% of all passwords start with them.
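The figures above are composition statistics over a password corpus. The following added example (not code from the study or from the original article) computes the same kinds of measures over a small constructed sample; the function name, result keys and sample data are assumptions made for illustration.

```python
from collections import Counter

def password_stats(passwords, top_n=1000):
    """Composition statistics over a list of leaked passwords (duplicates kept)."""
    passwords = [p for p in passwords if p]          # ignore empty entries
    total = len(passwords)
    if total == 0:
        raise ValueError("no passwords to analyse")
    counts = Counter(passwords)

    def pct(predicate):
        # Share of all entries (not of unique values) matching the predicate.
        return round(100.0 * sum(1 for p in passwords if predicate(p)) / total, 2)

    top = counts.most_common(top_n)
    return {
        "total": total,
        "unique": len(counts),
        "most_common": top[0],
        "top_n_coverage_pct": round(100.0 * sum(c for _, c in top) / total, 2),
        "avg_length": round(sum(map(len, passwords)) / total, 2),
        "special_pct": pct(lambda p: any(not ch.isalnum() for ch in p)),
        "letters_only_pct": pct(str.isalpha),
        "lowercase_only_pct": pct(lambda p: p.isalpha() and p.islower()),
        "digits_only_pct": pct(str.isdigit),
        "ends_with_digit_pct": pct(lambda p: p[-1].isdigit()),
        "starts_with_digit_pct": pct(lambda p: p[0].isdigit()),
    }

# Constructed sample standing in for a breach corpus (not real leaked data).
SAMPLE = (["123456"] * 4 + ["qwerty"] * 2 + ["password1"] * 2 +
          ["Summer2019!", "iloveyou", "1q2w3e4r", "Tr0ub4dor&3",
           "dragon", "abc123", "LetMeIn", "987654321", "p@ssw0rd",
           "sunshine", "football7", "X9$kq!vR2m"])

if __name__ == "__main__":
    for key, value in password_stats(SAMPLE, top_n=3).items():
        print(f"{key:>22}: {value}")
```

Even in this tiny sample the top three values cover 40% of all entries, which is the same concentration effect the study reports for the top 1,000.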

What can I do to make my passwords safer?

If you’re feeling concerned about your own cybersecurity (or if you happen to have “123456” as your password somewhere online), you don’t have to panic. There are a few steps you can take to shape up your passwords and secure your accounts.

To get started, let’s check the worst-ranked passwords of 2019. These passwords made the list because of how common and easily guessed they are, and if you have them on your accounts, that’s a red flag to change them immediately.

  1. 123456
  2. 123456789
  3. qwerty
  4. password
  5. 1234567
  6. 12345678
  7. 12345
  8. iloveyou
  9. 111111
  10. 123123
  11. abc123
  12. qwerty123
  13. 1q2w3e4r
  14. admin
  15. qwertyuiop
  16. 654321
  17. 555555
  18. lovely
  19. 7777777
  20. welcome
  21. 888888
  22. princess
  23. dragon
  24. password1
  25. 123qwe
  26. 666666
  27. 1qaz2wsx
  28. 333333
  29. michael
  30. sunshine
  31. liverpool
  32. 777777
  33. 1q2w3e4r5t
  34. donald
  35. freedom
  36. football
  37. charlie
  38. letmein
  39. !@#$%^&*
  40. secret
  41. aa123456
  42. 987654321
  43. zxcvbnm
  44. passw0rd
  45. bailey
  46. nothing
  47. shadow
  48. 121212
  49. biteme
  50. ginger

Once you start changing your passwords, install the Google Password Checkup extension to see how safe they are to use. This extension scours the web for known leaked password databases and matches yours up against them.

Next, you’ll need to start setting up two-factor authentication for all of your accounts that offer the feature. This will prevent a hacker from going any further without physical access to your phone, which means they will have wasted money buying your account from the Dark Web in the first place.

For even more protection, you should also consider using an encrypted password manager like our sponsor Roboform. Not only does Roboform store your passwords with secure encryption, but it can also generate stronger passwords for you that are less likely to get cracked.

Somewhere out there, there’s a hacker hoping to use your weak passwords against you. A simple or goofy password may be easier to remember, but don’t forget that ease goes both ways. Why give them the chance?
