World’s 200 Most Dangerous Passwords Revealed — Change Yours If Listed

Passwords can’t live without them, oh, hold on, actually you can. Passkeys are way more secure, and increasingly, platforms, products, and services are making them available to users. That’s the good news. The bad news is that, for hundreds of millions of users supposedly securing billions of accounts, weak and easily compromised passwords remain the reality. With lists of such compromised passwords readily available on the criminal underground and even the surface web, using one of the 200 most commonly used, and therefore most dangerous, passwords is tantamount to handing the keys of your account to hackers. If your passwords are on this list, they most certainly are getting in.

ForbesSecure Your Gmail Now As Google Warns Of Password AttacksBy Davey Winder

2.5TB Credentials From 44 Countries Database Analyzed — 200 Most Dangerous Passwords Revealed

There is no shortage of compromised and leaked password lists floating around the web, dark or surface, if you care to go and look. And, believe me, threat actors know exactly where to find the most valuable of them, available in credential-stuffing, password spraying, format for a small fee. That, dear reader, is the sorry state of login security today. It’s why the likes of Google are urging users to replace passwords with passkeys. If you can’t, and you are stuck with using passwords, then, please, at least make them long, strong and secure. Use a password manager to create random password strings that are too complex for you to remember, because you won’t have to remember them. Use passphrases; use anything other than the 200 dangerous passwords on this list.

Compiled jointly by NordPass and NordStellar, the 200 most used and dangerous passwords to use list emerged from an analysis of a 2.5TB database of passwords found on the dark and surface webs, across 44 countries in total, and stolen by malware or exposed in data leaks. “We focused only on the statistical information,” the researchers said, “so no personal data from internet users was included in this research.”

Let’s tease the results out a little by starting with the 10 most dangerous passwords that were attributed to U.S. users:

1. secret
2. 123456
3. password
4. qwerty123
5. qwerty1
6. 123456789
7. password1
8. 12345678
9. 12345
10. abc123

Interestingly, this features nine of the ten most used passwords globally, but in a different order. The only unique password, as far as the U.S. is concerned, was the (not so) highly original password1. A rubbish password that featured at number 17 in the global list.

OK, so let’s move on to the global list, of which I’ll just focus on the first 50 — please use the already provided link to access the full database of 200.

1. 123456
2. 123456789
3. 12345678
4. password
5. qwerty123
6. qwerty1
7. 111111
8. 12345
9. secret
10. 123123
11. 1234567890
12. 1234567
13. 000000
14. qwerty
15. abc123
16. password1
17. iloveyou
18. 11111111
19. dragon
20. monkey
21. 123123123
22. 123321
23. qwertyuiop
24. 00000000
25. Password
26. 654321
27. target123
28. tinkle
29. zag12wsx
30. 1g2w3e4r
31. gwerty123
32. gwerty
33. 666666
34. 1q2w3e4r5t
35. Qwerty123
36. 987654321
37. 1q2w3e4r
38. a123456
39. 1qaz2wsx
40. 121212
41. abcd1234
42. asdfghjkl
43. 123456a
44. 88888888
45. Qwerty123!
46. Qwerty1!
47. 112233
48. q1w2e3r4t5y6
49. football
50. zxcvbnm

Needless to say, if any of your passwords appear here, or in the full list, then change them as a matter of some urgency, and while doing so, give your neck a wobble for using them in the first place. What were you thinking?