The most common passwords of 2021 are outright embarrassing

Shawn Knight

Facepalm: NordPass has published the 2021 edition of its most common passwords list and to the surprise of absolutely nobody, it’s essentially a rehash of last year’s list. In other words, lots of people are still using incredibly weak and common passwords that can be cracked with ease.

The password management service has compiled a list of the top 200 most common passwords based on its research. The list details the password itself, how long it would take to crack it and how many times it appeared in their research.

If you guessed that the most common password was “123456,” give yourself a pat on the back. This incredibly common password appeared more than 103 million times in NordPass’ research and would take less than one second to crack. In fact, every password in the top 10 and all but one in the top 50 can be cracked in less than one second.

Passwords two through five include “123456789,” “12345,” “qwerty,” and “password,” in that order.

On the opposite end of the spectrum, “1g2w3e4r,” “gwerty123,” “myspace1,” and “michelle” all tied for the toughest passwords on the list with a crack time of three hours.

NordPass also identified the countries most affected by data leaks, with the US, Chile, Australia, New Zealand, Russia, France, Italy and Germany leading the pack, among others.

If you haven’t yet made the switch to a password manager, now is as good a time as any to do so. 1Password recently launched a new version of its manager for Windows, but that’s just one option in a field of many to choose from.


 
On the opposite end of the spectrum, “1g2w3e4r,” “gwerty123,” “myspace1,” and “michelle” all tied for the toughest passwords on the list with a crack time of three hours.
Hey Shawn, I think there might be something wrong with your "q" key :yum

EDIT: Just checked and apparently the passwords with a "g" in place of a "q" are the ones with the longest crack time.
 
My passwords are BRILLIANT.
Liar:
UJ7JOEj.png
 
You should make it the word "incorrect". That way, if you type it in wrong, it will say "your password is INCORRECT". ;)
 
I use LastPass password manager. Without it all my passwords would be easy to crack. With it they are pretty hard; impossible if I use the random password generator. Only issue is you have to remember, and keep confidential, the master password!
 
Password strength should depend on the nature of the site you are registering for. Take, for instance, Techspot: it doesn't (for me) require a 'strong' password because I have no vested interest in the site. I don't buy, sell, or have any stored information beyond what is required to register. My bank? Different story. SO, to mention strength of passwords without mentioning the TYPE of websites checked is useless. Try checking a list of financial institutions and a list of weak passwords on them.

There are way too many sites that require passwords as an excuse to hoover up personal data. Such as Techspot.
 
Why are such passwords even allowed to begin with?
Because 99% of people IRL are functionally retarded when computers are involved. Ask anyone who works in tech; most people are hardly able to open Chrome. A "secure" password as far as these sites are concerned is something ludicrous like "1g87f09co587nihg!FUIS0053mnkfvfgi" which is both a royal pain in the *** to type and impossible to remember. That means any site that enforces such a rule is going to deal with a flood of requests from users who constantly forget their passwords, or users simply won't be able to create their accounts and simply refuse to use the site. Even techies will balk at such a password system.

 
All these articles do is illustrate that passwords are a poor security method. You can't depend on plebs to create strong passwords. They simply aren't going to do it. They don't care, and they just want to be able to remember it. If you want strong passwords you have to force it (require symbol, X characters, numbers, etc.) or develop a better system (2FA or something).

Most tech luddites don't remember their passwords even when they make simple ones. Hell, half of them think they don't have a password (because FB logs them in automatically).

These articles seem to be pointing and laughing at people who use '123456', when really, we should be laughing at the system that *allows* '123456' to be used.
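An added example, not part of the original thread: one way a signup form could refuse the passwords the article names, using a blocklist check with simple normalisation instead of composition rules. The tiny blocklist is constructed from passwords quoted on this page, the length limits are assumptions taken from NIST SP 800-63B guidance, and all function names are hypothetical.

```python
import unicodedata

# Constructed sample blocklist: only passwords quoted in the article and
# thread. A real deployment would load a full breached-password list.
COMMON = {"123456", "123456789", "12345", "qwerty", "password", "1234",
          "admin", "1g2w3e4r", "gwerty123", "myspace1", "michelle"}

MIN_LENGTH = 8    # assumption: minimum length from NIST SP 800-63B
MAX_LENGTH = 64   # assumption: allow long passphrases, no 16-character cap

# Undo common character substitutions so "P@ssw0rd" is treated as "password".
LEET = str.maketrans("013457@$!", "oieastasi")
SUFFIX_CHARS = "0123456789!@#$%^&*.?_-"


def candidates(password):
    """Yield normalised forms of the password to compare with the blocklist."""
    p = unicodedata.normalize("NFKC", password).lower()
    yield p
    yield p.translate(LEET)
    # Drop a trailing run of digits/symbols ("qwerty123" -> "qwerty").
    stripped = p.rstrip(SUFFIX_CHARS)
    if stripped:
        yield stripped
        yield stripped.translate(LEET)


def check_password(password):
    """Return (accepted, reason) for a user-chosen password."""
    normalised = unicodedata.normalize("NFKC", password)
    if len(normalised) < MIN_LENGTH:
        return False, "too short"
    if len(normalised) > MAX_LENGTH:
        return False, "too long"
    if any(c in COMMON for c in candidates(password)):
        return False, "common password"
    return True, "ok"


if __name__ == "__main__":
    for pw in ["123456", "123456789", "Password1!", "P@ssw0rd2021",
               "michelle", "violet-kettle-drifts-north"]:
        print(f"{pw!r}: {check_password(pw)}")
```
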
 
We can laugh all we want, but in most organizations computer passwords are still 1234, 123456, admin and password.

Computers run age-old versions; even Windows XP can be seen in some systems.

All users use admin accounts.

Substandard anti-viruses are used and Firewalls are never properly configured.

What's amusing is, configuring your computer for good security and properly securing it is frowned upon in most places as it may break use of legacy software.
 
What I always find a bit off about these articles on the most common passwords is where is this data coming from? Is it ethically responsible for Nord Pass to be conducting this research?
 
Since I am captain security, my shortest password contains 12 characters and the longest 35. All a mixture of lowercase, uppercase, numbers and symbols. I am really paranoid and the exact opposite to the average mor0n.
 
I think the harder the password, the harder it is to get hacked. So it is better to use a hard password, with letters, numbers and symbols mixed in.
 
Passwords in the IT industry are the biggest scam ever. It created a false feeling of security while every password can and will be eventually guessed.
A password has very little to do with proving a person's identity. All readers here know dozens of passwords of other people.
 
... while every password can and will be eventually guessed.

Keyword is 'eventually'...
Depending on the length/complexity of your password, 'eventually' may be in the hundreds/thousands/millions/whatever of years, even when using today's super computers.
It depends on the user.
 
Keyword is 'eventually'...
Depending on the length/complexity of your password, 'eventually' may be in the hundreds/thousands/millions/whatever of years, even when using today's super computers.
It depends on the user.
Microsoft accounts (Live, Outlook, Hotmail, etc.) have a maximum limit of 16 characters only. Thus, even though the login box of Windows 10 allows 127 characters, you are forced to use a password of a maximum of 16 characters. Yahoo and Google are better in this case, allowing 32 and 200 characters respectively.
 