The Most Vulnerable Passwords of 2024-2025

Choosing a password is something that puts the little grey cells of both everyday users and cybersecurity professionals to the test. And nothing makes people roll their eyes more than being reminded to have unique passwords for all your online accounts.

Meanwhile, it took attackers about 1 second to crack most of the participants in the selection of the worst passwords of 2020.

How the Password Vulnerability Study Was Conducted

The compilers of the most hacked passwords list – the makers of the password manager NordPass – worked with a third-party vendor to evaluate a database of 275,699,516 passwords. Of those, only 122,894,788, or 44%, were unique. The rest were repetitions of common, easy-to-remember passwords that left users highly vulnerable to online threats. Only 78 of the 200 most commonly used passwords this year were new.

  • The list shows the number of users using a particular password, how many times the password was hacked, and how long it took to hack it.
  • Nordpass creators also compared the worst passwords of 2019 and 2020, indicating how their positions have changed.
  • Green arrows indicate an increase in the position, and red arrows indicate a decrease.

Leaders among the most hacked passwords

So, what password has been voted the most popular (i.e. weakest) every year since 2013? No, it's not "password," which is number 4. And it's not even "qwerty," which is only number 12.

In fact, the champion of password vulnerability is "123456", and its longer relative "123456789" takes the second position.

A newcomer to the top three is picture1, which took as much as 3 hours to crack. Other new vulnerable passwords include naruto (112th place), password123 (120th place), and starwars (151st place).

Another interesting fact: the five most frequently used weak passwords are used by over 4 million users in total. And this is only according to Nordpass, so the real number of those who choose simplicity over security may be much higher.

Самые взламываемые пароли 2020

If your password is on the list of most used in 2020, we recommend changing it immediately. And NordPass suggests changing passwords every 90 days, mixing uppercase and lowercase letters, and creating different passwords for each of your accounts.

How to protect your password from hackers

Password management apps (such as Nordpass, 1Password, Dashlane, and LastPass) are currently the best method for reducing the risks that passwords pose to individuals and organizations. Password managers are inexpensive and easy to use, giving users the ability to generate and store long, random passwords.

You can also add a layer of multi-factor authentication on top of your password manager to further secure your “secret vault.” One password to remember is much better than several.

When choosing a password, you should avoid patterns or repetitions, such as letters or numbers placed next to each other on the keyboard. Also, adding capital letters, symbols, and numbers in unexpected places to your password will make it much more difficult for a hacker.

And what you should definitely not do is use personal information as a password, such as your date of birth or names.

Let's briefly sum up

A secure password is not found in the public domain (e.g. in dictionaries), is not used in other user accounts, and contains several random characters that would take forever to guess.

Password fatigue is a real problem that leaves your personal data and other important information vulnerable to being stolen by hackers. The creators of password manager Dashlane recently surveyed 1,000 people about their security habits and found some interesting statistics:

  • 89% consumers felt secure with their current password management and use habits.
  • However, 61% used the same passwords on multiple sites.

What age group of people most often use the same passwords for different services? The answer may surprise you…

1ena4yv5