Americans’ most common password is “secret”

December 13, 2024



The sixth edition of NordPass’ annual Top 200 Most Common Passwords research is out — for the first time ever, it reveals both personal and corporate passwords internet users choose to secure their accounts


Research reveals both netizens and corporate employees love the same passwords: 40% are identical

This year, the most common password in the United States is “secret,” which marks a new trend. In the meantime, last year’s winner “123456” moved to the second position and ranks first worldwide. NordPass has released the sixth edition of its annual Top 200 Most Common Passwords research, revealing the most common passwords worldwide and in 44 countries separately. This year, NordPass also checked how corporate passwords people use to secure work accounts differ from those for personal accounts.

Individual users’ passwords in 2024 — what changed in a year?

Below are the top 20 most common passwords in the US. The full list is available here: https://nordpass.com/most-common-passwords-list/

  1. secret

  2. 123456

  3. password

  4. qwerty123

  5. qwerty1

  6. 123456789

  7. password1

  8. 12345678

  9. 12345

  10. abc123

  11. qwerty

  12. iloveyou

  13. Password

  14. baseball

  15. 1234567

  16. 111111

  17. princess

  18. football

  19. monkey

  20. sunshine

The sixth time's definitely the charm, but not when investigating people’s personal passwords. NordPass, which partnered with NordStellar to run the study, concludes that this year’s list again includes the worst possible choices for passwords. However, some trends are radically new and worth exploring.

  • Almost half of the world’s most common passwords this year are made of the easiest keyboard combinations of numbers and letters, for instance, “qwerty,” “1q2w3e4r5t,” and “123456789.” The US is no exception here, with such passwords leading the list.

  • The US is the only country where “secret” ranks as the top pick for passwords. Interestingly, last year, this password wasn’t found among Americans’ most common choices. In most other countries, “123456” remains the number one password.

  • With experts repeatedly urging internet users to make their passwords stronger, many seem to have misunderstood the assignment. The popularity of “qwerty” has been challenged by similarly weak “qwerty123,” which is now the most common password in Canada, Lithuania, the Netherlands, Finland, and Norway. In the US, this password also made a huge jump this year, reaching the top five.

  • The word “password” can now be considered one of the most common and enduring passwords. Year after year, it ranks at the top of every country’s list. In the US, it is the third most-used password. For the British and Australians, it is the number one choice.

  • Americans used notably more dictionary words in their passwords this year, compared to 2023. Although such words are known to be extremely vulnerable to cyberattacks, people in the US yet again went for sports references (e.g., “football,” “baseball”), animal names (e.g., “monkey”), and loving words (“iloveyou,” “princess,” “sunshine”).

According to NordPass’ study, 78% of the world’s most common passwords can be cracked in less than a second. Compared to last year (with 70%), this shows that the situation has worsened.

Corporate passwords are just as bad

Digging deeper, in this year’s edition of NordPass’ annual Top 200 Passwords study, researchers additionally investigated how passwords used for personal accounts differ from those used for work. The results are surprising: 40% of the most common passwords used among individuals and business representatives are the same.

Nevertheless, experts noted some interesting differences too. Default passwords such as “newmember,” “admin,” “newuser,” “welcome,” and similar are more commonly used for business accounts. Passwords presumably created for new users with an idea that they will change them, such as “newpass” (the 14th most common corporate password in the US) or “temppass,” also often get leaked because people are not big fans of changing their passwords.

“No matter if I wear a suit and tie at work or I’m scrolling through social media in my pajamas, I am still the same person. This means that regardless of the setting I am in, my password choices are influenced by the same criteria — usually convenience, personal experiences, or cultural surroundings. Businesses ignoring these considerations and leaving password management in their employees’ hands risk both their company’s and clients’ security online,” says Karolis Arbaciauskas, head of business product at NordPass.

Hidden dangers

According to a survey previously conducted by NordPass, on average, a single internet user has 168 passwords for personal use and 87 passwords for work use. Since managing this load is simply too complicated for most, experts say that it is only natural that people tend to create weak passwords and, of course, reuse them.

However, weak passwords created by company employees serve hackers, who can use brute-force, dictionary, or similar large-scale attacks to gain easy access to the company's internal IT systems. In another common scenario, hackers break into the company using an employee's leaked personal credentials simply because the employee used the same passwords for both personal and work accounts.

How to properly manage your passwords for work and personal use

To avoid falling victim to cyberattacks because of irresponsible password management, Arbaciauskas recommends following a few simple but effective cybersecurity practices.

  1. Create strong passwords or passphrases. Passwords should be at least 20 characters long because the latest studies show that longer password length can do wonders. A secure password consists of a random combination of numbers, letters, and special characters. Alternatively, you can use a passphrase. Imagine it as a long string of random words — it shouldn’t be a line everyone knows.

  2. Never reuse passwords. The rule of thumb is that each account should have a unique password because if one account gets stolen, hackers can use the same credentials for other accounts.

  3. Switch to passkeys wherever possible. Passkeys are considered the most promising alternative to replace passwords for good. Most modern online service providers, including Google, Microsoft, and Apple, offer passkey support for their clients.

  4. Set up a password policy in your organization. Password managers allow companies to safeguard their credentials and effectively manage them, setting up password rules within the organization. Multi-factor authentication (MFA) requirements should also be considered when adopting a password policy.

ABOUT NORDPASS

NordPass is a password manager for both business and consumer clients. It’s powered by the latest technology for the utmost security. Developed with affordability, simplicity, and ease of use in mind, NordPass allows users to access passwords securely on desktop, mobile, and browsers. All passwords are encrypted on the device, so only the user can access them. NordPass was created by the experts behind NordVPN — the advanced security and privacy app. For more information: nordpass.com.

