Most Common Passwords: Why They Aren't Safe

How many passwords do you have? The quicker your answer, the worse things likely are. In a perfect world, every account you use should have its own, unique password. However, because of convenience, laziness, ignorance, or some combination of them, many people recycle passwords or use shockingly easy ones.
Below, we'll introduce you to the most commonly used passwords, explain why they are to be avoided at all costs, and advise you on how to better secure and protect yourself and your accounts.
The Most Common Passwords Worldwide
NordPass, in collaboration with independent cybersecurity researchers, released a list of the Top 200 most common passwords in 2021. Their Top 10 is just as shocking as that of the NCSC:
Most Common Passwords in 2021 (Worldwide)
Rank | Password |
---|---|
1 | 123456 |
2 | 123456789 |
3 | 12345 |
4 | qwerty |
5 | password |
6 | 12345678 |
7 | 111111 |
8 | 123123 |
9 | 1234567890 |
10 | 1234567 |
The classic "123456" remains the undisputed king of the worst passwords.
Why Popular Passwords Aren't Safe
Popular passwords like "123456", "password", or "qwerty" are appealing since they're easy to remember. They can also readily be found just by looking at your keyboard. Since accounts are required for just about everything you want to do online these days, few have the time to create (and note down) a strong, unique password for each.
However, convenience cuts both ways: The easier a password is for you to remember, the less difficulty a cyber criminal will have overcoming it, for example, through brute force attacks. And, supposing that you use the same password over and over again, a hacker just needs to guess right once, in order to unlock each account you protected with the same email address, account name, and password combination.
How to Protect Yourself
To put things into perspective: The most common passwords can be easily cracked in less than a second. Don't use them for anything. Instead, take the following steps to equip your accounts with the best possible defenses against unwanted access.
Safe, Complex Passwords
A powerful password is any account's first line of defense. To make one, keep the following in mind:
- The longer, the better
  According to the National Institute of Standards and Technology, a secure password should be at least 8 characters in length. The longer your password is, the more difficult it will be to crack.
- Use all types of characters
  The most common passwords rely on either numbers, letters, or a combination of the two. Formidable passwords go beyond this, including upper-case letters, as well as special characters like ?, !, {, or _.
- Stay away from easy-to-remember phrases
  While you might feel tempted to type out a phrase or string of words with a particular meaning, don't! Birthdays or names of family members can be easily sussed out with research.
- Make it unique
  Even the safest password shouldn't be used more than once for the simple reason that if it's leaked, it will be compromised wherever it was used. Data leaks, which you can do nothing to prevent, offer criminals golden opportunities to expand their illicit activities and overwhelm even the most imposing cyber defenses.
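The criteria above can be turned into a small screening check. The following is an added example, not code from EXPERTE.com or NordPass; the function names are hypothetical, and the deny list holds only the ten passwords from the table on this page. It also shows why a list check matters more than raw length: "1234567890" spans a brute-force space of 10^10 candidates, yet falls on the ninth guess to anyone who tries the common list first.

```python
import string

# Top 10 from the NordPass 2021 table above, in rank order. Using only these
# ten entries is an assumption for brevity; real deny lists are far larger.
COMMON_PASSWORDS = ["123456", "123456789", "12345", "qwerty", "password",
                    "12345678", "111111", "123123", "1234567890", "1234567"]
MIN_LENGTH = 8  # minimum length given in the article

# The four character types the article asks for.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "special": string.punctuation,
}

def classes_used(password):
    """Names of the character classes that appear in the password, sorted."""
    return sorted(n for n, chars in CLASSES.items()
                  if any(c in chars for c in password))

def search_space(password):
    """Candidates a blind brute force over the used classes must cover."""
    alphabet = sum(len(CLASSES[n]) for n in classes_used(password))
    return alphabet ** len(password)

def worst_case_guesses(password):
    """Upper bound on guesses when the attacker tries the common list first."""
    if password.lower() in COMMON_PASSWORDS:
        return COMMON_PASSWORDS.index(password.lower()) + 1
    return len(COMMON_PASSWORDS) + search_space(password)

def screen_password(password, already_used=()):
    """Return the reasons a password fails the criteria; empty means it passes."""
    problems = []
    if password.lower() in COMMON_PASSWORDS:
        problems.append("on common-password list")
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    missing = sorted(set(CLASSES) - set(classes_used(password)))
    if missing:
        problems.append("missing classes: " + ", ".join(missing))
    if password in already_used:
        problems.append("reused on another account")
    return problems

if __name__ == "__main__":
    for pw in ["1234567890", "T7#vq!Lw2$Rz"]:  # constructed samples
        print(pw, worst_case_guesses(pw), screen_password(pw))
```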
You can use EXPERTE.com's password checker to see how safe your current passwords are. Should you not be satisfied with the results, then head over to our password generator to create safe passwords according to stringent criteria.
In the event that you want to take your password security to the next level and fashion a unique, complex password for each account you have, there are few better tools than a password manager. We'll discuss these in greater detail below, but for now, suffice it to say that they automatically create secure, unique passwords and auto-complete login forms.
Two-Factor Authentication
A cracked password isn't the end of the world, so long as you've activated two-factor authentication. Even with the right password, those logging in, either from a new or recognized device, will need to supply a second form of authentication, such as a code delivered via text message.
Whenever offered, we recommend using this means of protection, especially for logins from unrecognized devices.
Regular Leak Checks
Every now and then businesses fall prey to hackers, or lose data in other ways. This can include secure passwords, instantly compromising them through absolutely no fault of your own.
To find out whether your email address has been inadvertently released in the past, use HaveIBeenPwned's email leak checker. Should you have been "pwned", immediately change the password for that account to something not used anywhere else.
The Best Password Managers From EXPERTE.com's Assessment
Password managers offer the easiest way to protect every digital account you have with a robust, unique password. But that's only one of the benefits they offer: You can use them to automatically fill out login and other forms with just a mouseclick, store sensitive documents in their vaults, and create secure notes.

You won't ever need to worry about how safe your passwords are again if using a password manager.
You'll only have to remember a single password, the so-called master password. With this, you can access your password manager's vault, where all of your other passwords and sensitive documents are stored.
A wide selection of such programs exists, so, to help in making up your mind, we looked at 12 of the best password managers in our comprehensive EXPERTE.com comparison. Here are our favorites:
Dashlane

Dashlane emerged at the top of our EXPERTE.com comparison since it does everything just a bit better than its competitors. The web app's user interface is particularly intuitive, and the provider offers plenty of features. We especially liked the automatic password changer, which makes it possible to swap out weak passwords for most services with just a few clicks.
Beyond that, the password manager showed itself to be highly reliable when automatically filling out online forms, whether in a browser or on a mobile device. And the cherry on top? Dashlane is priced competitively.
1Password

1Password finished just behind Dashlane in 2nd place. Developed by AgileBits, this password manager got our nod of approval in terms of security, offering several features which its competitors lack. These include travel mode and the locally-generated 128-bit 'Secret Key', which you'll need to log in from a new device.
Another positive was the variety of data set templates on offer. You can store a copy of your passport, driving license, or even hunting permits. In terms of the essentials, 1Password has everything covered as well.
Keeper

Whether on your desktop or smartphone, Keeper offers a highly user-friendly experience. Particularly impressive was the free hand it grants in creating data sets, adding user-defined fields, or password-protecting specific entries with one-time passwords.
We didn't encounter any issues with autofill when using Keeper, and the browser extension's options are fairly comprehensive. In light of all of the above, Keeper is one of the best password managers out there.
NordPass

NordPass, the password manager brought to you by the same people behind NordVPN, made an excellent first impression with its generous free version. This doesn't have any data set limits, making it possible to save an unlimited number of passwords without paying a cent.
Apart from that, NordPass has an elegant user interface, reliable autofill, and well-functioning data import features.
Bitwarden

Bitwarden also makes friends quickly with its free version lacking data or sync limits. In comparison to most password managers, its premium version is a real bargain as well.
Whether you use the service on your desktop, via its smartphone app, browser extension, or web interface, Bitwarden is highly intuitive. Our only complaint was that it's necessary to pay extra for most features, such as password sharing, even with a premium subscription.
All the same, Bitwarden is a great password manager.
Conclusion
As we've shown above, despite all of the cyberattacks, hacking, and identity theft plaguing the world, people still use weak and common passwords to protect sensitive and valuable information. A secure password should be at least eight characters long and include numbers, upper- and lower-case letters, and special characters. Passwords should be unique and only used for a single account.
Of course, remembering dozens, let alone hundreds of intricate and different passwords would be a challenge for anyone, making password managers an option worth seriously considering. These web-based programs automatically create secure passwords, storing them in a nearly impregnable digital database. All you'll have to do is remember a single master password, which grants you access to your vault.
In addition to secure passwords, you should also enable two-factor authentication whenever a service you've registered with offers it. We also recommend regularly checking whether your email address has been compromised in any data leaks. Whenever unsure, you can see whether any password you're using has been inadvertently released as well with our EXPERTE.com password checker.

