Make sure your password is not on the list of 200 most common combinations

Still using simple passwords? Think of it as leaving your front door unlocked. And if you find one of your passwords on the annual list of the 200 most-used passwords, you’re practically holding the door wide open. From “123456” to “qwerty” – if you find your password in this selection, Techkult strongly recommends changing it or activating multifactor authentication – the digital equivalent of extra locks.

The list of the most commonly used passwords was compiled by NordPass, a Panama City-based secure data storage company. NordPass claims to have compiled the compilation with the help of independent cybersecurity experts, processing a 4 terabyte database.

Here’s a list of the 20 most commonly used passwords:

123456
qwerty
123456789
12345
password
qwerty123
1q2w3e
12345678
1234567890
1q2w3e4r5t
qwertyuiop
asdasd
qwe123
987654321
654321
555555
1q2w3e4r
zxcvbnm
123qwe
qazwsx

Full list here

More than 100 million people used the very first option – “123456”. This means that the probability that this password can be picked is very high. For example, if there were a total of 1 billion accounts, using this password would reduce the probability of being hacked from 1 in 1 billion, to 1 in 10.

The list also shows how popular some combinations that seem safe at first glance are. For example, “qazwsxedc” looks complicated until it’s clear that it’s just vertical rows on the keyboard, starting with the “q” symbol. The same can be said for “q1w2e3r4”, which involves going from “q” to “1” and then back to “w”. NordPass claims that it takes less than one second to guess these passwords, although users may think they’ve found something more secure than the banal “qwerty”.

According to NordPass, a complex password contains at least 12 characters and a variety of combinations of upper and lower case letters, numbers and symbols. The length requirement for a password is explained by simple mathematics: the more characters to be picked, the more time it takes to guess them.
The worst passwords are easily identifiable sequences that follow human logic. These are strings or columns on a keyboard, simple words or terms – names, names of famous bands or sports teams. A varied combination of all types of characters is much harder to guess at once.

Instead, for each character, you must guess all 26 lowercase and uppercase Latin letters, all punctuation marks, and all special characters such as “$” and “%.” If you multiply that by the total length of the password, the difficulty of guessing it increases significantly. NordPass also recommends changing passwords every 90 days and not using them repeatedly on different sites.