Does anyone else use “123456” to secure access to their account? Sadly, this string of numbers still tops NordPass’s annual list of the most used passwords, earning it the title of “world’s worst password.” The sixth annual ranking includes a list of the 200 most common passwords, along with the time it takes to crack each one and the number of accounts using that password.
Image source: unsplash.com
The developer of the password manager NordPass, together with NordStellar, analyzed a password database of about 2.5 TB, “extracted from various publicly available sources,” including the darknet. “We analyzed passwords stolen by malware or exposed in data breaches. In most cases, they were stolen with email addresses, allowing us to differentiate between corporate and personal credentials based on the domain name,” the researchers explained in a blog post.
Image source: nordpass.com/most-common-passwords-list
A world record holder for passwords, the string “123456” has been found in more than 3 million accounts. It takes less than a second to crack such a password, just like most of the others on the list. The second and third places were taken by “123456789” and “12345678” respectively. Some of the passwords included in the list take longer to crack – it could take minutes, hours or even days. For example, “g_czechout” is ranked 157th and will take 12 days to crack.
Regardless of the time required to crack a password, passwords from this list should not be used. This seems obvious, but many people continue to do it. One of the main reasons is basic convenience, since a simple password is easier to remember than a complex one. Very often, such primitive passwords are used when creating an account for a one-time login to a site that requires registration.