These passwords take 1 second to crack
Here’s a wild stat: 78% of the world’s most common passwords can be cracked in less than a second. The most-used password in the world, “123456,” has been leaked more than 3 million times. And get this: 1.2 million of those were corporate passwords.
This is based on fresh research from my password manager pick. For six years, NordPass has studied how we handle passwords. Let’s dive into the numbers. Spoiler: It’s not pretty.
The most common leaked passwords
NordPass analyzed more than 9 million stolen passwords. The most common:
- 123456 (found 3,018,050 times)
- 123456789 (found 1,625,135 times)
- 12345678 (found 884,740 times)
- password (found 692,151 times)
- qwerty123 (found 642,638 times)
- qwerty1 (found 583,630 times)
- 111111 (found 459,730 times)
- 12345 (found 395,573 times)
- secret (found 363,491 times)
- 123123 (found 351,576 times)
All of these take less than 1 second to crack. One trick is a brute-force attack, where hackers try every password combo until they hit the jackpot.
They also use leaked password databases from previous breaches.
Because many people reuse their passwords, your leaked Netflix login could allow them to access your cable company account, too.
Making a big mistake worse
Of course, all these were stolen or hacked, so you’d expect them to be weak. But the list also includes some you might be using even if you’re more tech-savvy.
Think sequential numbers or letters on a keyboard (e.g., “567890” or “asdfgh”), repeated characters (e.g., “99999”), or easy-to-guess words like “princess” or “baseball.” You’re not the only one using pet names, hobbies or your favorite teams for inspiration.
Here’s the scariest part: 40% of the most common passwords in the personal and work lists are identical. That means if hackers get into one of your personal accounts, they can waltz right into your work systems, too.
My top password manager pick has an A+ security feature built in
But there’s a smarter way to protect your online accounts — using a trusted password manager like NordPass.
Remembering complex, unique passwords for every single account is practically impossible. If you’re like most people, you probably end up reusing passwords or writing them down somewhere, which isn’t your best bet if you value security.