These passwords take 1 second to crack

November 22, 2024

By Kim Komando

Here’s a wild stat: 78% of the world’s most common passwords can be cracked in less than a second. The most-used password in the world, “123456,” has been leaked more than 3 million times. And get this: 1.2 million of those were corporate passwords.

This is based on fresh research from my password manager pick. For six years, NordPass has studied how we handle passwords. Let’s dive into the numbers. Spoiler: It’s not pretty.

The most common leaked passwords

NordPass analyzed more than 9 million stolen passwords. The most common:

1. 123456 (found 3,018,050 times)
2. 123456789 (found 1,625,135 times)
3. 12345678 (found 884,740 times)
4. password (found 692,151 times)
5. qwerty123 (found 642,638 times)
6. qwerty1 (found 583,630 times)
7. 111111 (found 459,730 times)
8. 12345 (found 395,573 times)
9. secret (found 363,491 times)
10. 123123 (found 351,576 times)

All of these take less than 1 second to crack. One trick is a brute-force attack, where hackers try every password combo until they hit the jackpot. 

They also use leaked password databases from previous breaches.

Because many people reuse their passwords, your leaked Netflix login could allow them to access your cable company account, too.

Making a big mistake worse

Of course, all these were stolen or hacked, so you’d expect them to be weak. But the list also includes some you might be using even if you’re more tech-savvy.

Think sequential numbers or letters on a keyboard (e.g., “567890” or “asdfgh”), repeated characters (e.g., “99999”), or easy-to-guess words like “princess” or “baseball.” You’re not the only one using pet names, hobbies or your favorite teams for inspiration.

Here’s the scariest part: 40% of the most common passwords in the personal and work lists are identical. That means if hackers get into one of your personal accounts, they can waltz right into your work systems, too.

Is it really that big a deal?

A single breach can result in major financial loss, like drained bank accounts or unauthorized credit card charges. Those can take months (or longer) to clean up.

Your privacy can also take a hit. Hackers share sensitive information or impersonate victims to scam their friends and family — or they sell it on the Dark Web, where it can be used for identity theft or blackmail.

Take the Colonial Pipeline ransomware attack. Weak passwords allowed hackers to shut down a major U.S. fuel supply, costing almost $5 million in ransom alone. Even people outside the attack felt the sting, like victims of PayPal and Venmo fraud who lost money because of reused passwords.

Tips for creating strong, secure passwords

Ready to give your passwords a makeover? Here are a few quick tips to keep your accounts safe and sound:

• Use at least 12 characters (more is better!) with a mix of letters, capitalization, numbers and symbols.
• Stay away from guessable info like birthdays or names.
• Try a passphrase for easier memorization, like “Sunshine&KimKomando!2024.”
• Never reuse passwords across multiple sites.

Woof, I know. There’s a reason so many folks write down their passwords or stick with weak ones. My trick? A solid, award-winning password manager.

Let NordPass do it for you

NordPass generates super-secure passwords and stores them in unlimited encrypted storage. Everything syncs seamlessly across your devices, including Windows, iPhone, Mac and Android.

It does more than remember your logins, though. NordPass checks for leaked credentials, flags weak passwords and even logs you into trusted sites automatically. Need to store your credit card info or important files? It handles that, too.

✅ Right now, try NordPass risk-free for just $1.23 a month. You deserve password freedom!

Speaking of … A man asks the bartender for the Wi-Fi password. The bartender replies, “You have to buy a drink first.” So the man buys a Coke. “OK, now what’s the Wi-Fi password?” The bartender replies, “youhavetobuyadrinkfirst — all lowercase, no spaces.”