A logo for soteria technology solutions with a spartan helmet

The Worst Passwords of 2023

Dec 26, 2023

This year's list of the world's most common passwords is out!

Is your favorite on the list?

NordPass just released their annual list of the Top 200 Most Common Passwords! Now, if you've never seen it, every year NordPass partners with cybersecurity researchers to go over several terabytes of stolen password data, all publicly available, to look for the most commonly used passwords worldwide.  Will there be surprises this year?  Let's find out!

Top 10 Most Common Worldwide

  1. 123456
  2. admin
  3. 12345678
  4. 123456789
  5. 1234
  6. 12345
  7. password
  8. 123
  9. Aa123456

Top 10 Most Common in the USA

  1. 123456
  2. password
  3. admin
  4. 1234
  5. UNKNOWN
  6. 12345678
  7. 123456789
  8. 12345
  9. abc123

Congrats 123456 for winning again! The undisputed King of Bad Passwords, 123456 has held the crown 4 out of the last 5 years. Otherwise, looks like a lot of old favorites here!  UNKNOWN is an interesting addition, and the only one on either list that NordPass estimates would take longer than a fraction of a second to crack.  (At 17 seconds, it's still not great, and being on this list means it's one of the first someone will try in a brute force attack so this is hardly a recommendation.)


Hopefully it goes without saying that all of these are laughably terrible passwords and we should all know better but here is proof that over 4.5 million people are still rocking 123456 in 2023. 


Something new that NordPass did this year, was to look at how password trends diverge depending on what sort of thing they are used for. They compared Ecommerce, Social Media, Financial, Email, Gaming, Productivity Tools, Smartphone, and Streaming.


So what can we learn here?


Ecommerce - Please don't use the name of the shopping site as your password.  Apart from variations on 123456, amazon was the top used password in this category.  amazon123 and Amazon@123 are also really high on the list, so please please please just do not.


Social Media - This one seems heavy on numerical passwords.  I see you 1122334455, you are not fooling anybody.


Financial - You guys, this is your money! P@ssw0rd and paypal123 are not going to cut it. Batman11 is surprisingly common here too.


Email - Considering how many of us still have the email addresses that 14 year old us though were cool, I expected to see some goofy stuff here, but it was surprisingly tame. ****** , lol12345, and fortnite stood out.


Gaming - Maybe due to inputting these on a controller instead of a keyboard, most of these are numerical or a variation on qwerty.  Up your game, gamers.


Productivity - Not at all surprised to see Zoom2020 high on this list.  BTW, changing the year on that one doesn't make it any better.


Smartphone - Using the phone name is a big trend here. Apple2020, Samsung1, Iphone1234, etc.


Streaming - NordPass even noted that people seemed to be strong password haters in this category. They are really short and really basic, even compared to the Top Ten.  Let's try to do better than netflix or 101010, mmmkay?


Check out the list for yourself

As fun as it is to make fun of bad passwords, how do you make sure yours are good?

I'm glad you asked.  I did a whole blog series about that a while ago, that you can visit here:

Bad Passwords 2021 Bad Passwords 2: what makes a good password? Bad Passwords 3: MFA Bad Passwords 4: SSO


That said, here's the TL;DR:


  • Get a password management program.  Some good ones include 1Password, Keeper, and yes, NordPass. They can help you generate good passwords and store them for you so you only have to remember your master password. Some will let you know if your password has been leaked on the dark web, and can suggest when it's time to update.
  • Don't reuse passwords across sites. Don't even use a variation.  If one gets leaked or hacked, they are all at risk.
  • If you don't have a password management program, learn how to make good passwords. Check out #2 in our blog series, it talks about what makes bad passwords bad, so we know what common pitfalls are and how to avoid them.
  • Go through your passwords every once in awhile, and change out any old, sad ones.
  • Use MFA (Multi-factor Authentication) if possible, especially for financial or other important sites.

This post, like all our posts, is 100% written by a human.

Share this Post

The insightly podcast logo

Tariq appears on the Insightly podcast

01 Nov, 2024
Tariq talks all things cybersecurity with the podcast hosts Alyssa and Jordan.
the silhouette of a woman's face is covered with a projection of green computer code

Another Massive Data Leak could expose a Third of Americans

30 Sep, 2024
A freely accessible database containing full background data for about a third of all Americans was just uncovered on the internet.
A new two-story home with a soft pink and blue sunset in the background.

Scam of the Month: Putting the Broke in Mortgage Broker

28 Aug, 2024
Real Estate scams and wire fraud costs Americans hundreds of millions of dollars every year. One victim shares her story.
A 19th century engraving of three rough and hungry looking children searching for potatoes.

What do the CrowdStrike Outage and the Irish Potato Famine have in common?

24 Jul, 2024
A look at what insights history can offer us about how things like this happen.
A closeup photo of a boxer's shoulders and arms. They are wearing black boxing gloves.

The Hits Just Keep Coming

By Erin Patten 08 Jul, 2024
Gigantic password leaks keep rolling in; and they keep getting bigger. How can you keep your accounts safe?
A screenshot from KSN Channel 3, of a newscaster speaking in front of a screen showing computer code

The CDK Attack - Bill talks with KSN about a breach affecting car dealerships across the country

24 Jun, 2024
Cyberattacks have led to an outage in the software car dealerships across North America use to run their operations - making dealerships rely on pen and paper again, and putting untold amounts of personal data at risk.
A robot hand explores a blue imagined universe of connected webs of dots

AI Hackers can find, exploit Zero-Day vulnerabilities

By Erin Patten 17 Jun, 2024
Researchers recently proved that GPT-4 can find and exploit unknown security weaknesses - by itself. It's a whole new world for cybersecurity.
A man flips a coin into the air

Scam of the Month: Fake Applicants, fake jobs: a two-sided coin

By Erin Patten 12 Jun, 2024
Between fake job postings and fake applicants, the job market is a rough place to be.
A stylized beach with a palm tree and beach ball image

You are Invited to our Open House!

By Erin Patten 20 May, 2024
Join us Thursday June 27th for an Open House celebrating Soteria's 5th Anniversary... and a whole lot more.
More Posts
Share by: