Seven years since our first top 200 common passwords list, we’ve witnessed how credential trends have changed — and what has remained the same. Each year, we rediscover people’s tendency to opt for weak passwords that prioritize convenience over security.
However, this year, we decided to ask ourselves: How do different generations treat their password use? From the silent generation to the “zoomers,” we analyzed which passwords are the most common among different user groups. As it turns out, bad password habits are trendy no matter how old you are.



Looking at the different countries is also funny. The only password I’m not surprised about is admin, because that’s probably the default for most devices, maybe? Unless the user changes it manually. But my question is, are these only “hacked” passwords? Because for those who are not hacked, you don’t know what passwords they have. So this is a bit of bias here, right?
No, that’s not how these are obtained. Password dumps are from attackers breaching a site’s user database and dumping their credentials, usually by phishing administrators’ logins. Attackers aren’t brute-forcing passwords anymore except on a one-off, very rare basis. Here’s a list of publicly known password dumps, and you can see details about where they came from: https://haveibeenpwned.com/PwnedWebsites
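As an added example (not part of this thread or of the site it links to): how a client can check a password against the breach dumps that reply points to, using the k-anonymity scheme of Have I Been Pwned’s Pwned Passwords range API, with a constructed stand-in for the server so it runs offline.

```python
"""Added example (not from the article or the comments): checking a password
against breach dumps with the k-anonymity scheme of Have I Been Pwned's
Pwned Passwords range API. Only the first 5 hex chars of the SHA-1 hash go
to the server; it returns every suffix with that prefix and the match is
made locally. The server here is a constructed stand-in with made-up counts
so this runs offline (real endpoint: https://api.pwnedpasswords.com/range/<prefix>).
"""
import hashlib
from typing import Callable

def sha1_prefix_suffix(password: str) -> tuple[str, str]:
    """Split the uppercase SHA-1 hex digest into the 5-char prefix that is
    sent and the 35-char suffix that never leaves the client."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def parse_range_response(body: str) -> dict[str, int]:
    """Parse the 'SUFFIX:COUNT' lines the range endpoint returns."""
    counts: dict[str, int] = {}
    for line in body.splitlines():
        line = line.strip()
        if line:
            suffix, _, count = line.partition(":")
            counts[suffix.upper()] = int(count)
    return counts

def breach_count(password: str, fetch_range: Callable[[str], str]) -> int:
    """How many times `password` appears in the dumps (0 = not seen)."""
    prefix, suffix = sha1_prefix_suffix(password)
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)

# Constructed stand-in for the server side: a tiny "dump" with made-up counts.
CONSTRUCTED_DUMP = {"123456": 5_000_000, "password": 3_000_000, "admin": 900_000}

def fake_fetch_range(prefix: str) -> str:
    """Mimic the range endpoint: SUFFIX:COUNT for each dump entry whose hash
    starts with `prefix`, plus a decoy line so a hit is never the only line."""
    lines = ["0" * 35 + ":1"]  # decoy suffix; an all-zero suffix is never a real hit here
    for pw, count in CONSTRUCTED_DUMP.items():
        p, s = sha1_prefix_suffix(pw)
        if p == prefix:
            lines.append(f"{s}:{count}")
    return "\r\n".join(lines)

if __name__ == "__main__":
    for candidate in ("password", "admin", "correct horse battery staple"):
        print(f"{candidate!r}: seen {breach_count(candidate, fake_fetch_range)} times")
```

Against the real endpoint you would replace `fake_fetch_range` with an HTTPS GET of the prefix; the comparison logic stays identical.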
Ah right, that makes sense. I know that site, but didn’t think of it. I know, not the smartest in town. ^^
I also wonder if people use more secure passwords for important services. Or do they treat them the same? My parents always used their birthday as a password, so they do not forget it. Which is not much more secure than 1234.
In my experience, most people have at most 2-3 passwords, and some do choose a “more secure” one for things like banking and work. Very few people use a password manager.
Thankfully this isn’t allowed for new devices being sold in the EU anymore. They are required to have a per-device individual password now. Hopefully this effectively causes the practice to at least become much less common globally. After all, if you’ve set up the needed manufacturing steps, there’s little sense in skipping them depending on the target region.
You didn’t fill in the survey when the password inspector sent you that email? Rude!