CYBER SECURITY | 6.5 MIN READ
While you may think that your passwords are relatively secure, one of you or your employees' passwords may have unknowingly made NordPass' 2020 Worst Passwords List. Weak passwords can lead to financial fraud, data breaches, phishing attacks, and more, which is why password security should be a top priority for companies looking to keep data secure. Keep reading to learn the top 200 worst passwords of 2020 and tips on how you can create a strong password.
Not enough time? Jump to:
Tips to Create a Secure Password
The following list, which was sourced from NordPass, a popular password manager, comprises the top 200 Worst Passwords of 2020 List. This was sourced from a database containing over 275 million passwords.
List Position | Password | Amount of Time to Crack It |
1. | 123456 | Less than a second |
2. | 123456789 | Less than a second |
3. | picture1 | 3 hours |
4. | password | Less than a second |
5. | 12345678 | Less than a second |
6. | 111111 | Less than a second |
7. | 123123 | Less than a second |
8. | 12345 | Less than a second |
9. | 1234567890 | Less than a second |
10. | senha | 10 seconds |
11. | 1234567 | Less than a second |
12. | qwerty | Less than a second |
13. | abc123 | Less than a second |
14. | Million2 | 3 hours |
15. | 000000 | Less than a second |
16. | 1234 | Less than a second |
17. | iloveyou | Less than a second |
18. | aaron431 | 3 hours |
19. | password1 | Less than a second |
20. | qqww1122 | 52 minutes |
21. | 123 | Less than a second |
22. | omgpop | 2 minutes |
23. | 123321 | Less than a second |
24. | 654321 | Less than a second |
25. | qwertyuiop | Less than a second |
26. | qwer123456 | 4 seconds |
27. | 123456a | Less than a second |
28. | a123456 | Less than a second |
29. | 666666 | Less than a second |
30. | asdfghjkl | Less than a second |
31. | ashley | 2 minutes |
32. | 987654321 | Less than a second |
33. | unknown | 17 minutes |
34. | zxcvbnm | Less than a second |
35. | 112233 | Less than a second |
36. | chatbooks | 1 day |
37. | 20100728 | Less than a second |
38. | 123123123 | Less than a second |
39. | princess | Less than a second |
40. | jacket025 | 8 hours |
41. | evite | 10 seconds |
42. | 123abc | Less than a second |
43. | 123qwe | Less than a second |
44. | sunshine | Less than a second |
45. | 121212 | Less than a second |
46. | dragon | Less than a second |
47. | 1q2w3e4r | Less than a second |
48. | 5201314 | 26 seconds |
49. | 159753 | Less than a second |
50. | 0123456789 | Less than a second |
51. | pokemon | Less than a second |
52. | qwerty123 | Less than a second |
53. | Bangbang123 | 2 days |
54. | jobandtalent | 3 years |
55. | monkey | Less than a second |
56. | 1qaz2wsx | Less than a second |
57. | abcd1234 | Less than a second |
58. | default | 3 minutes |
59. | aaaaaa | Less than a second |
60. | soccer | Less than a second |
61. | 123654 | Less than a second |
62. | ohmnamah23 | 12 days |
63. | 12345678910 | Less than a second |
64. | zing | 1 second |
65. | shadow | Less than a second |
66. | 102030 | Less than a second |
67. | 11111111 | Less than a second |
68. | asdfgh | Less than a second |
69. | 147258369 | Less than a second |
70. | qazwsx | Less than a second |
71. | qwe123 | Less than a second |
72. | michael | 8 seconds |
73. | football | Less than a second |
74. | baseball | Less than a second |
75. | 1q2w3e4r5t | Less than a second |
76. | party | 10 seconds |
77. | daniel | 5 seconds |
78. | asdasd | Less than a second |
79. | 222222 | Less than a second |
80. | myspace1 | 3 hours |
81. | asd123 | Less than a second |
82. | 555555 | Less than a second |
83. | a123456789 | Less than a second |
84. | 888888 | Less than a second |
85. | 7777777 | Less than a second |
86. | fuckyou | Less than a second |
87. | 1234qwer | Less than a second |
88. | superman | Less than a second |
89. | 147258 | Less than a second |
90. | 999999 | Less than a second |
91. | 159357 | Less than a second |
92. | love123 | Less than a second |
93. | tigger | Less than a second |
94. | purple | Less than a second |
95. | samantha | Less than a second |
96. | charlie | Less than a second |
97. | babygirl | Less than a second |
98. | 88888888 | Less than a second |
99. | jordan23 | Less than a second |
100. | 789456123 | Less than a second |
101. | jordan | Less than a second |
102. | anhyeuem | Less than a second |
103. | killer | Less than a second |
104. | basketball | 10 seconds |
105. | michelle | 3 hours |
106. | 1q2w3e | Less than a second |
107. | lol123 | Less than a second |
108. | qwerty1 | Less than a second |
109. | 789456 | Less than a second |
110. | 6655321 | 9 seconds |
111. | nicole | 2 minutes |
112. | naruto | Less than a second |
113. | master | Less than a second |
114. | chocolate | 3 seconds |
115. | maggie | Less than a second |
116. | computer | Less than a second |
117. | hannah | Less than a second |
118. | jessica | 7 seconds |
119. | 123456789a | Less than a second |
120. | password123 | Less than a second |
121. | hunter | Less than a second |
122. | 686584 | 43 seconds |
123. | iloveyou1 | 1 second |
124. | 987654321 | Less than a second |
125. | justin | 2 minutes |
126. | cookie | Less than a second |
127. | hello | Less than a second |
128. | blink182 | Less than a second |
129. | andrew | 2 minutes |
130. | 25251325 | 7 minutes |
131. | love | Less than a second |
132. | 987654 | Less than a second |
133. | bailey | 2 minutes |
134. | princess1 | 1 second |
135. | 0123456 | Less than a second |
136. | 101010 | Less than a second |
137. | 12341234 | Less than a second |
138. | a801016 | 33 seconds |
139. | 1111 | Less than a second |
140. | 1111111 | Less than a second |
141. | anthony | 17 minutes |
142. | yugioh | 2 minutes |
143. | fuckyou1 | Less than a second |
144. | amanda | 2 minutes |
145. | asdf1234 | Less than a second |
146. | trustno1 | Less than a second |
147. | butterfly | Less than a second |
148. | x4ivygA51F | 12 days |
149. | iloveu | Less than a second |
150. | batman | Less than a second |
151. | starwars | Less than a second |
152. | summer | Less than a second |
153. | michael1 | Less than a second |
154. | 00000000 | Less than a second |
155. | lovely | Less than a second |
156. | jakcgt333 | 3 hours |
157. | buster | Less than a second |
158. | jennifer | 2 hours |
159. | babygirl1 | 2 seconds |
160. | family | 2 minutes |
161. | 456789 | Less than a second |
162. | azerty | Less than a second |
163. | andrea | 2 minutes |
164. | q1w2e3r4 | Less than a second |
165. | qwer1234 | Less than a second |
166. | hello123 | Less than a second |
167. | 10203 | Less than a second |
168. | matthew | 17 minutes |
169. | pepper | Less than a second |
170. | 12345a | Less than a second |
171. | letmein | Less than a second |
172. | joshua | 2 minutes |
173. | 131313 | Less than a second |
174. | 123456b | 1 second |
175. | madison | Less than a second |
176. | Sample123 | 3 hours |
177. | 777777 | Less than a second |
178. | football1 | Less than a second |
179. | jesus1 | Less than a second |
180. | taylor | 17 seconds |
181. | b123456 | 1 second |
182. | whatever | Less than a second |
183. | welcome | Less than a second |
184. | ginger | Less than a second |
185. | flower | Less than a second |
186. | 333333 | Less than a second |
187. | 1111111111 | Less than a second |
188. | robert | Less than a second |
189. | samsung | Less than a second |
190. | a12345 | Less than a second |
191. | loveme | Less than a second |
192. | gabriel | 5 seconds |
193. | alexander | 2 seconds |
194. | cheese | Less than a second |
195. | passw0rd | Less than a second |
196. | 142536 | Less than a second |
197. | peanut | Less than a second |
198. | 11223344 | Less than a second |
199. | thomas | 8 seconds |
200. | angel1 | Less than a second |
Below are some password trends sourced using data from the above list. Use these trends to learn how not to build your passwords.
Hackers know common passwords and take advantage of that to crack account credentials. Many people create easy passwords by simply stringing together characters in the order they appear on their keyboard.
For instance, as you can see in the list above, variations of passwords such as "12345" and "qwerty" made the list numerous times. While passwords like this may be easy to create, they're just as easy to crack.
Short passwords can be cracked more quickly. As you'll see in the above list, many of the passwords could be cracked by a computer in less than a second because they were 8 characters or less.
Using long passwords or even passphrases makes it harder for a hacker or bot to crack them, seeing as it will take much longer.
Many passwords that made this list use only lowercase letters. In general, a lack of variety in your password, whether it's characters or capitalization, will decrease the time it takes a hacker to figure it out. Using a variety of lowercase and uppercase letters makes your password much harder to crack.
Many passwords are considered weak because they only use letters and numbers. Special characters such as @ and !, can be used to make passwords much more complex.
Consider working special characters into your passwords to make them more elaborate.
Many people construct their passwords using real words to make them easier to remember.
While this practice is a great first step towards creating secure passwords, people must keep in mind that character substitution can be used to make passwords much more complex and harder to crack, especially if those substitutions are random and not common.
Common character substitutions include changing out the letter a for @, or e for 3. While these substitutions are still memorable since the characters look similar to the original letter, they are commonly used and therefore hackers know to try those substitutions when cracking passwords.
Consider using nonsensical substitutions, such as using the number 9 in place of the letter v, or an exclamation point instead of the letter o.
Repeating passwords across accounts creates opportunities for hackers to access every account that uses that password. Hackers know that a common mistake is to repeat passwords, which is why once they gain access to one account, they may try to hack others using the same credentials.
For instance, if you use the same password for your work email and your company's HR platform, a hacker that figures out the password to your email can also access your HR platform.
Even if you change a password slightly with character substitutions or a variation of capitalization, a hacker can quickly figure out a variation of a password.
Aim to have a different password for every account you have. Even if you use a variation of the repeated password for a non-important account like your Twitter profile, if a hacker breaks into accounts you don't care about, they are just a few steps away from breaking into accounts that you do value.
Creating passphrases instead of passwords can better secure your accounts. Passphrases involve stringing together a few words, preferably with character substitutions, to create a lengthy and complex password that's hard to crack.
For instance, "blue chick!n Hawai8 sev0n" could be a passphrase. Note how character substitutions were used to make the passphrase more complex. Keep in mind, however, that hackers know all of the most common character substitutions, such as using 3 for e and @ for a, so consider using randomized character substitutions like the ones above.
Basic personal information such as your birthday and your alma mater are easy to remember, which is why many people include this kind of information in their passwords.
However, in the age of social media, this information can easily be found online. If a hacker browses your Facebook profile, for instance, they can use your pictures, posts, and "About Me" information to find out the common information used in passwords.
Though you may be tempted to include common personal information in your passwords, refrain from doing so whenever possible. If you really prefer to use personal information to make a memorable password, consider using extremely specific information that's not readily available online.
For instance, if your dream job when you were a kid was an astronaut, you can incorporate that into your password. Or, if you had a favorite dining hall in college, maybe include some variation of that in a password. When building a password, aim to use as much hard-to-find information as possible.
RELATED: How to Create and Secure a Strong Password?
As a Managed Service Provider, we assist companies in implementing employee cyber security education policies such as password protocols to mitigate data breach risks.
Use the Worst Passwords of 2020 List as a guide on what not to do, and our password tips as a guide on what to do instead.
Follow our blog for more trending cyber security topics!