Table of Contents
Introduction
In this report, we will analyse the most hacked passwords in 2023, focusing on the vulnerabilities they pose to users. We have gathered extensive data and industry trends from the SafetyDetectives Research Team to compile this report. By analysing leaked data from hacking forums, marketplaces, and dark websites, we aim to identify patterns and trends that make users more susceptible to unauthorised access, identity theft, and data breaches.
Before we delve into the report, we strongly recommend using a password manager like LastPass to enhance your online security. LastPass not only provides a secure storage vault for your passwords but also offers a convenient password generator, enabling you to create strong and unique passwords that are more resistant to malicious actors.
Analysis of Passwords
Total Number of Passwords Analysed
We have analysed a total of 18,419,945 passwords, including:
- 9,056,593 passwords from various worldwide databases.
- 328,000 passwords from hacked .edu users.
- 9,000,000 country-specific passwords.
Top 30 Most Used Passwords in the World
The following passwords are the most commonly used and hacked passwords worldwide:
- 123456
- password
- 123456789
- 12345
- 12345678
- qwerty
- 1234567
- 111111
- 1234567890
- 123123
- abc123
- 1234
- password1
- iloveyou
- 1q2w3e4r
- 000000
- qwerty123
- zaq12wsx
- dragon
- sunshine
- princess
- letmein
- 654321
- monkey
- 27653
- 1qaz2wsx
- 123321
- qwertyuiop
- superman
- asdfghjkl
General Password Trends in the World
- The word “password” and its variations are highly popular as passwords worldwide.
- Common words and phrases, such as “letmein,” “iloveyou,” “princess,” and “superman,” are widely used.
- Keyboard patterns, such as “qwerty,” are commonly employed, with 25% of the top 30 passwords being keyboard patterns.
- Numeric patterns, such as increasing or repetitive numbers, are prevalent in passwords.
Most Common Password Patterns
- Numeric patterns are widely favoured for creating weak and easy-to-guess passwords.
- Increasing or repetitive numeric patterns are observed in the top 10 and top 30 most used passwords.
- The word “hello” is a popular password choice in different languages.
- Certain countries exhibit specific password trends, such as the use of first names in passwords by Italian and Spanish users, and the preference for keyboard patterns amongst Russian users.
Country-Specific Password Analysis
Germany – Top 20 Most Used Passwords
- 123456
- 123456789
- 12345678
- hallo123
- hallo
- 12345
- passwort
- lol123
- 1234
- 123
- qwertz
- ficken
- 1234567
- arschloch
- 1234567890
- 1q2w3e4r
- killer
- sommer
- schalke04
- dennis
- The most common password pattern amongst German users is simple and easy-to-guess increasing numeric passwords, such as “123” and “1234567890.”
- The word “passwort” (“password”) and keyboard patterns using the German layout, such as “qwertz,” are also popular choices.
France – Top 20 Most Used Passwords
- azerty
- marseille
- loulou
- 123456
- doudou
- 010203
- badoo
- azertyuiop
- soleil
- chouchou
- 123456789
- bonjour
- nicolas
- jetaime
- motdepasse
- alexandre
- chocolat
- coucou
- camille
- caramel
- The most common password pattern amongst French users is the French version of “qwerty” – “azerty.”
- Common French words and phrases, such as “marseille,” “bonjour,” and “chocolat,” are also popular choices.
Russia – Top 20 Most Used Passwords
- qwerty
- 123456
- qwertyuiop
- qwe123
- 123456789
- 111111
- klaster
- qweqwe
- 1qaz2wsx
- 1q2w3e4r
- qazwsx
- 1234567890
- 1234567
- 7777777
- 123321
- 1q2w3e
- 123qwe
- 1q2w3e4r5t
- zxcvbnm
- 123123
- Russian users predominantly choose keyboard patterns for their passwords, as seen in the top 20 list.
- Meaningful words, both in Russian and English, are less frequently used as passwords compared to other countries.
Italy – Top 20 Most Used Passwords
- 123456
- 123456789
- juventus
- password
- 12345678
- ciaociao
- francesca
- alessandro
- giuseppe
- martina
- francesco
- valentina
- qwertyuiop
- antonio
- stellina
- federico
- federica
- giovanni
- lorenzo
- asdasd
- First names, such as “francesco,” “alessandro,” and “giuseppe,” are popular password choices amongst Italian users. This practice, when combined with an email address mentioning the same first name, increases password vulnerability.
- The Italian soccer team “juventus” is also a popular choice among Italian users.
USA – Top 20 Most Used Passwords
- password
- 123456
- 123456789
- 12345678
- 1234567
- password1
- 12345
- 1234567890
- 1234
- qwerty123
- qwertyuiop
- 1q2w3e4r
- 1qaz2wsx
- superman
- iloveyou
- qwerty1
- qwerty
- 123456a
- letmein
- football
- US users have varied password choices, including increasing numeric patterns, keyboard patterns, and common words or phrases.
- “Qwerty” is a frequently used password, with 25% of the top 20 passwords containing this pattern.
Spain – Top 20 Most Used Passwords
- 123456
- 123456789
- 12345
- 12345678
- 111111
- 1234567890
- 000000
- 1234567
- barcelona
- 123456a
- 666666
- 654321
- 159159
- 123123
- realmadrid
- 555555
- mierda
- alejandro
- tequiero
- a123456
- Spanish users show a preference for numeric patterns, similar to German users.
- Two famous Spanish soccer teams, “barcelona” and “realmadrid,” have their names in the top 20 password choices.
Top 20 Most Used Passwords for .edu Users
- 123456
- password
- 123456789
- secret
- 12345
- password1
- football
- baseball
- 123123
- abc123
- soccer
- 1234
- qwerty
- sunshine
- basketball
- monkey
- ashley
- princess
- 12345678
- 1234567
- .edu users often choose common passwords, with such passwords constituting 60% of the overall top 30 list.
- Names of sports, such as “football” and “baseball,” are frequently used as passwords by .edu users.
Analysis of Password Patterns
Worldwide Trends
- The word “password” and its variations are the most popular choices worldwide.
- Culturally relevant words and phrases are widely used, such as “angel,” “dragon,” and “superman.”
- European users, especially Italians and Spaniards, prefer using first names as passwords.
- Russian users differ from other populations and often choose keyboard patterns over meaningful words.
First Names in Passwords
- Many users, particularly Italians, Russians, and Germans, use first names inside passwords, often correlated with their email addresses.
First Names + 123 Patterns in Passwords
- Users sometimes add a “123” prefix or suffix to their passwords, but this simple pattern is highly common and easily guessable by hackers.
Famous People, Brands & Pop Culture Figures in Passwords
- Pop culture references, historic figures, and brand names are frequently used in passwords.
- The names “Christ” and “Jesus” are popular choices, along with brands like “Google,” “Apple,” and “Samsung.”
- TV series like “Friends” and “Star Wars” also influence password choices.
- Sports figures, such as “Ronaldo,” make appearances in passwords.
Hacker’s Top 10 Most Used Passwords List Explained
- The Hacker’s Top 10 most used passwords list is compared to our findings to identify commonalities.
- Passwords like “123456” and “password” are the most insecure choices globally.
- The Hacker’s Top 10 list aligns with the overall password trends, making these passwords highly susceptible to dictionary attacks.
Match Between Countries’ Top 10 and Hacker’s Top 10
- The match between countries’ top 10 passwords and the Hacker’s Top 10 list varies.
- Worldwide, there is an 80% match between the two lists.
- The US and Spain have a 50% match.
- Italy and Russia have a 33% match.
- Germany has a 25% match.
- France has a 10% match.
Additional Insights on Worldwide Password Trends
- Italian and US populations are most likely to use first names or email-related words in their passwords.
- Russian users prefer keyboard patterns and numbers in their passwords.
- The phrase “iloveyou” is a popular choice in various languages.
- Certain passwords, like “111111” or “000000,” are more likely to be used on mobile devices.
Most Common Year Used in Passwords
- Surprisingly, the year 2013 is frequently used as a prefix or suffix in passwords.
- Birth years, significant family years, or the year of password creation are also common choices.
- However, using such easily guessed years compromises password security.
Using Birthdays in Passwords
- Using birthdays in passwords is risky due to their predictability and ease of discovery.
- Attackers can easily obtain or guess birthdays through social media or public records.
- Birthdays are often targeted in brute-force attacks or dictionary-based hacking attempts.
- To enhance password security, avoid incorporating birthdays and instead generate unique and complex passwords using password managers.
How to Improve Password Strength
To improve password strength and protect against hacking attempts, consider the following tips:
- Do not reuse passwords across multiple accounts.
- Use passwords that are longer than 8 characters.
- Avoid including words from your email address in your password.
- Include numbers, capital letters, and special characters in your passwords.
- Avoid common names, cities, or cultural references in passwords.
- Utilise a password manager like 1Password to generate and store secure passwords.
By following these guidelines, you can significantly enhance your password security and protect your online accounts from unauthorised access and data breaches.
Frequently Asked Questions
How many times has my password been hacked?
To determine if your password has been compromised, use a dark web scanner like the one offered by Norton’s security suite. These scanners search the dark web for leaked databases and breached accounts, providing insights into the security of your passwords. By inputting your email address into the scanner, it cross-references it against known breaches and informs you if your password has been compromised. This proactive approach allows you to assess password vulnerability and take necessary actions, such as changing compromised passwords and adopting stronger security measures.
Does changing my password stop hackers?
Changing your password can stop hackers, but it is crucial to change it to a strong and unique password. Merely altering a weak password or creating another easily guessable password does not provide effective protection. Use a secure password manager to generate complex passwords that are resistant to brute-force attacks. Regularly changing passwords, coupled with strong password practices and multi-factor authentication, significantly strengthens your defences against hacking attempts.
What is the least common password?
The least common password is one generated by a password manager, incorporating a mix of numbers, letters, symbols, and special characters. Password managers create highly unique and random passwords that are rarely used by individuals. By avoiding commonly used words or patterns, password managers generate robust and secure passwords that are difficult for hackers to guess or crack.
Why are strong passwords important?
Strong passwords are important for several reasons. They prevent unauthorised access to your accounts, protect sensitive information, and mitigate the impact of data breaches. Strong passwords are resilient against brute-force attacks and dictionary-based hacking attempts. By using strong and unique passwords, you reduce the likelihood of multiple accounts being compromised. Strong passwords, along with additional security measures like two-factor authentication, contribute to a comprehensive cybersecurity strategy, enhancing overall online security.