The Worst Passwords of 2023

Dec 26, 2023

This year's list of the world's most common passwords is out!

Is your favorite on the list?

NordPass just released their annual list of the Top 200 Most Common Passwords! Now, if you've never seen it, every year NordPass partners with cybersecurity researchers to go over several terabytes of stolen password data, all publicly available, to look for the most commonly used passwords worldwide.  Will there be surprises this year?  Let's find out!

Top 10 Most Common Worldwide

  1. 123456
  2. admin
  3. 12345678
  4. 123456789
  5. 1234
  6. 12345
  7. password
  8. 123
  9. Aa123456

Top 10 Most Common in the USA

  1. 123456
  2. password
  3. admin
  4. 1234
  5. UNKNOWN
  6. 12345678
  7. 123456789
  8. 12345
  9. abc123

Congrats 123456 for winning again! The undisputed King of Bad Passwords, 123456 has held the crown 4 out of the last 5 years. Otherwise, looks like a lot of old favorites here!  UNKNOWN is an interesting addition, and the only one on either list that NordPass estimates would take longer than a fraction of a second to crack.  (At 17 seconds, it's still not great, and being on this list means it's one of the first someone will try in a brute force attack so this is hardly a recommendation.)


Hopefully it goes without saying that all of these are laughably terrible passwords and we should all know better but here is proof that over 4.5 million people are still rocking 123456 in 2023. 


Something new NordPass did this year was to look at how password trends diverge depending on what kind of account they protect. They compared Ecommerce, Social Media, Financial, Email, Gaming, Productivity Tools, Smartphone, and Streaming.


So what can we learn here?


Ecommerce - Please don't use the name of the shopping site as your password.  Apart from variations on 123456, amazon was the top used password in this category.  amazon123 and Amazon@123 are also really high on the list, so please please please just do not.


Social Media - This one seems heavy on numerical passwords.  I see you 1122334455, you are not fooling anybody.


Financial - You guys, this is your money! P@ssw0rd and paypal123 are not going to cut it. Batman11 is surprisingly common here too.


Email - Considering how many of us still have the email addresses that 14-year-old us thought were cool, I expected to see some goofy stuff here, but it was surprisingly tame. ****** , lol12345, and fortnite stood out.


Gaming - Maybe due to inputting these on a controller instead of a keyboard, most of these are numerical or a variation on qwerty.  Up your game, gamers.


Productivity - Not at all surprised to see Zoom2020 high on this list.  BTW, changing the year on that one doesn't make it any better.


Smartphone - Using the phone name is a big trend here. Apple2020, Samsung1, Iphone1234, etc.


Streaming - NordPass even noted that people seemed to be strong password haters in this category. They are really short and really basic, even compared to the Top Ten.  Let's try to do better than netflix or 101010, mmmkay?


Check out the list for yourself

As fun as it is to make fun of bad passwords, how do you make sure yours are good?

I'm glad you asked.  I did a whole blog series about that a while ago, that you can visit here:

  • Bad Passwords 2021
  • Bad Passwords 2: what makes a good password?
  • Bad Passwords 3: MFA
  • Bad Passwords 4: SSO


That said, here's the TL;DR:


  • Get a password management program.  Some good ones include 1Password, Keeper, and yes, NordPass. They can help you generate good passwords and store them for you so you only have to remember your master password. Some will let you know if your password has been leaked on the dark web, and can suggest when it's time to update.
  • Don't reuse passwords across sites. Don't even use a variation.  If one gets leaked or hacked, they are all at risk.
  • If you don't have a password management program, learn how to make good passwords. Check out #2 in our blog series, it talks about what makes bad passwords bad, so we know what common pitfalls are and how to avoid them.
  • Go through your passwords every once in a while, and change out any old, sad ones.
  • Use MFA (Multi-factor Authentication) if possible, especially for financial or other important sites.
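
If you run a signup or password-change form, the pitfalls above (the site name as the password, a year or 123 tacked on the end, symbol swaps like P@ssw0rd, numeric runs) can be rejected before they are ever stored. The sketch below is an added example, not code from NordPass or from this blog; the function names, the small denylist and the sample inputs are constructed from the passwords quoted in this post.

```python
import re

# Constructed denylist: base words taken from passwords quoted in this post.
COMMON_BASES = {"password", "admin", "unknown", "qwerty", "batman", "fortnite"}

# Common symbol/digit substitutions, undone before comparison (P@ssw0rd -> password).
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "3": "e", "1": "i", "$": "s", "5": "s"})


def normalize(pw: str) -> str:
    """Lowercase, drop trailing digits/symbols (2020, 123, @123), undo substitutions."""
    base = re.sub(r"[\d\W_]+$", "", pw.lower())
    return base.translate(LEET)


def is_digit_pattern(pw: str) -> bool:
    """True for all-digit runs (123456), doubled runs (1122334455), repeats (101010)."""
    if not pw.isdigit():
        return False
    undoubled = re.sub(r"(\d)\1", r"\1", pw)
    if any(s in "01234567890" or s in "09876543210" for s in (pw, undoubled)):
        return True
    return any(len(pw) > n and len(pw) % n == 0 and pw == pw[:n] * (len(pw) // n)
               for n in (1, 2, 3))


def screen_password(pw: str, context_words=()) -> list:
    """Return the reasons to reject pw; an empty list means no rule fired."""
    if is_digit_pattern(pw):
        return ["digit-pattern"]
    reasons = []
    base = normalize(pw)
    if len(base) < 4:                       # Aa123456, lol12345: almost all decoration
        reasons.append("trivial-base")
    if base in COMMON_BASES:                # exact match on the normalized base
        reasons.append("common-word")
    if any(w and w.lower() in base for w in context_words):
        reasons.append("context-word")      # service or device name, e.g. amazon
    return reasons


if __name__ == "__main__":
    # Constructed samples: passwords quoted in the post plus one passphrase.
    for pw, ctx in [("Amazon@123", ["amazon"]), ("Zoom2020", ["zoom"]),
                    ("P@ssw0rd", []), ("1122334455", []), ("Aa123456", []),
                    ("correct horse battery staple", ["amazon"])]:
        print(f"{pw!r:32} {screen_password(pw, ctx) or 'no rule fired'}")
```

An empty result only means none of these rules fired; a real deployment would pair this with a full breached-password list and a minimum length.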
