
15 Most Common Passwords in 2023 – Stay Away From These!

Using an extremely common password like "123456" or "password" can be akin to leaving the keys in your car's ignition with the doors unlocked. It offers hackers an open invitation to access your online accounts and steal sensitive personal information.

As an experienced cybersecurity professional, I strongly advise you to avoid using the most common passwords. In this article, I'll analyze the latest data on the worst password offenders, explain the risks, and offer expert tips to strengthen your password security.

Why You Must Avoid Common Passwords

Before diving into the data, let's quickly cover why using common passwords is so problematic.

When you use an overly simplistic or generic password, there's a good chance that credential has already been leaked through a prior data breach. Cybercriminals take these huge lists of compromised passwords and use them to try gaining access to other online accounts.

If you reuse a password across multiple sites, just one breach leaves all your accounts vulnerable. Hackers also use passwords from leaks to crack into accounts through brute force login guessing.

The consequences of a hacked account can be severe – identity theft, bank fraud, email infiltration, loss of irreplaceable data, and more. I've seen many examples through my work where a single weak password led to life-altering damages for victims.

But the good news is that avoiding common passwords and using strong, unique credentials for each account makes you far less susceptible to these attacks.

2023's Worst Offender Passwords

Now let's examine the latest data on the most commonly used passwords that you should avoid at all costs.

According to the large-scale analysis conducted by NordPass, here are 2023's top 15 worst passwords with the estimated number of times they've been used:

Password      Usage Count (Estimates)
123456        103 million+
123456789     46 million+
12345         32 million+
qwerty        22 million+
password      20 million+
12345678      14.7 million+
111111        13.3 million+
123123        10.2 million+
1234567890    9.6 million+
1234567       9.3 million+
qwerty123     8.9 million+
000000        8.3 million+
1q2w3e        8.2 million+
aa12345678    8 million+
abc123        7.1 million+

Many of these, like "password" and "qwerty", have remained fixtures on the list year after year, which shows that poor password hygiene is still rampant.

Have you ever used any of these before? If so, it's crucial you stop immediately and change them everywhere they were used. I'll explain how to properly create more secure credentials later in the article.

Geographic Trends in Password Security

It's also useful to analyze the geographic patterns in the prevalence of weak passwords. The NordPass research highlights some interesting trends:

  • Russia, the U.S., Canada, France and Germany had the highest usage of breached passwords. This suggests room for improvement in password education.

  • China, Japan, and Italy had the lowest usage of breached passwords. Their populations may be more aware of good password hygiene.

  • Developing nations in Africa and South America were generally less susceptible to password leaks. Their lower digital connectivity likely contributes.

  • India was a notable outlier with relatively high breach rates despite being a developing country. Rapid digital transformation may be a factor.

So in summary, the data indicates that more technologically connected nations face greater password security risks. But we all need to be vigilant regardless of location.

How to Dramatically Strengthen Your Passwords

Now that you know which common passwords to avoid, let's discuss some best practices to make your credentials far more secure:

Use a password manager

Password managers like NordPass and 1Password are immensely helpful for both generating and storing strong, unique passwords for all your accounts. I rely on them daily as part of my own cybersecurity routine.

Generate long, random passwords

For key accounts like email, banking, etc., I recommend using password generators to create lengthy random character strings that are extremely resistant to guessing and brute-force attacks. Mix upper and lowercase letters with numbers, symbols and punctuation marks for maximum strength.
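As an added example (not code from NordPass or any password manager), the Python sketch below generates a password the way this section recommends, drawing every character from the operating system's cryptographic random source, and screens user-chosen passwords against the 15 entries in the table above. The function names and the default length of 20 are assumptions made for illustration.

```python
import math
import secrets
import string

# The 15 passwords from the NordPass table above, used as a denylist.
COMMON_PASSWORDS = frozenset({
    "123456", "123456789", "12345", "qwerty", "password", "12345678",
    "111111", "123123", "1234567890", "1234567", "qwerty123", "000000",
    "1q2w3e", "aa12345678", "abc123",
})

# Character classes the article recommends mixing.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
ALPHABET = "".join(CLASSES)  # 94 printable ASCII characters


def is_common(candidate: str) -> bool:
    """True if a user-chosen password matches the list, ignoring case and padding."""
    return candidate.strip().lower() in COMMON_PASSWORDS


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Upper bound for a uniformly random string: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def generate_password(length: int = 20) -> str:
    """Draw from the OS CSPRNG, retrying until every character class appears."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in pw) for cls in CLASSES):
            return pw


if __name__ == "__main__":
    pw = generate_password()
    print(pw, f"(about {entropy_bits(len(pw)):.0f} bits)")
    print("'Password ' is on the common list:", is_common("Password "))
```

The `secrets` module is used rather than `random` because `random` is a predictable generator that is not meant for credentials.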

Never reuse passwords

This is critically important – always use brand new credentials for each account and avoid duplication. That way one breach doesn't expose all your other accounts.

Enable two-factor authentication (2FA)

SMS-based and authenticator-app-based 2FA adds an extra layer of account security on top of your password by requiring a one-time code from your phone when logging in. Turn this on especially for email, financial, and work accounts.

Change passwords annually

You should change your passwords once a year at minimum to limit any damage in case credentials are leaked in a breach. Some financial sites may even require this.

Check HaveIBeenPwned

This helpful site aggregates data from major password leaks and allows you to search for your own emails and passwords to see if they've been compromised. I recommend doing this periodically as part of your online security routine.

There are other valuable tips I won't get into here, but following these best practices diligently will help you avoid becoming a victim of the widespread password security pitfalls.

Stay vigilant out there and please reach out with any other cybersecurity questions! I'm always happy to help educate people on protecting themselves online.

