Worst passwords of 2023 include some familiar favorites. See the list.
When it comes to strong passwords, we never seem to learn.
Cybersecurity experts have been telling us for years what not to use for passwords, and yet, "123456" and "password" still top the list. This week, NordPass published its fifth annual list of the 200 most common passwords — and there are some repeat offenders. The password manager evaluated 4.3 terabytes of data related to cybersecurity incidents and the top passwords are truly lacking in originality. Here are the top 10:
123456
admin
12345678
123456789
1234
12345
password
123
Aa123456
1234567890
According to NordPass's findings, all of these passwords took less than a second to crack.
You May Also Like
Further down on the list are some slightly more creative passwords. Ranked at 136 is "iloveyou" (aw) and at 183 is "changeme." So, still not great.
Lock up those streaming apps
This year, NordPass dug a little deeper into the data and analyzed password strength by platform category. Streaming services have some the weakest credentials when compared to other sites. Perhaps to make it easier to share with friends and family despite Netflix's best efforts? Unfortunately, this also makes it ridiculously easy for hackers; 86 percent of cyberattacks come from stolen credentials.
Once again, let's review how to create a strong password
Passwords should be long and complex, with uppercase and lowercase letters, symbols, and numbers, and never anything related to easily guessable information, like birthdays, addresses, or phone numbers.
It's tempting, but don't reuse the same password for multiple sites. If hackers get their hands on it, they automatically have access to everywhere else it was used. NordPass also recommends taking the time to review existing passwords and update ones that are weak or repeated.
Wherever possible, try to use passkeys instead of passwords. Passkeys are unique codes, tethered to your device, making them much more secure and less susceptible to breaches. More and more companies like Apple, Microsoft, Google, and Amazon are adopting passkey support as a safer alternative.
Last but not least, consider getting one of the best password managers, which can create randomized passwords for you and then store them securely. pa
That said, password managers have been subject to breaches, so do your homework educate yourself on how password managers keep your credentials secure. Last year, LastPass was hacked, but password data was encrypted and remained secure, since only users are able to decrypt their credentials with their master password.
Topics Cybersecurity Privacy
Cecily is a tech reporter at Mashable who covers AI, Apple, and emerging tech trends. Before getting her master's degree at Columbia Journalism School, she spent several years working with startups and social impact businesses for Unreasonable Group and B Lab. Before that, she co-founded a startup consulting business for emerging entrepreneurial hubs in South America, Europe, and Asia. You can find her on X at @cecily_mauran.
