Dark Web Passwords The Most Hacked Passwords in 2023


In this report, we will analyse the most hacked passwords in 2023, focusing on the vulnerabilities they pose to users. We have gathered extensive data and industry trends from the SafetyDetectives Research Team to compile this report. By analysing leaked data from hacking forums, marketplaces, and dark websites, we aim to identify patterns and trends that make users more susceptible to unauthorised access, identity theft, and data breaches.

Before we delve into the report, we strongly recommend using a password manager like LastPass to enhance your online security. LastPass not only provides a secure storage vault for your passwords but also offers a convenient password generator, enabling you to create strong and unique passwords that are more resistant to malicious actors.

Analysis of Passwords

Total Number of Passwords Analysed

We have analysed a total of 18,419,945 passwords, including:

  • 9,056,593 passwords from various worldwide databases.
  • 328,000 passwords from hacked .edu users.
  • 9,000,000 country-specific passwords.

Top 30 Most Used Passwords in the World

The following passwords are the most commonly used and hacked passwords worldwide:

  1. 123456
  2. password
  3. 123456789
  4. 12345
  5. 12345678
  6. qwerty
  7. 1234567
  8. 111111
  9. 1234567890
  10. 123123
  11. abc123
  12. 1234
  13. password1
  14. iloveyou
  15. 1q2w3e4r
  16. 000000
  17. qwerty123
  18. zaq12wsx
  19. dragon
  20. sunshine
  21. princess
  22. letmein
  23. 654321
  24. monkey
  25. 27653
  26. 1qaz2wsx
  27. 123321
  28. qwertyuiop
  29. superman
  30. asdfghjkl
  • The word “password” and its variations are highly popular as passwords worldwide.
  • Common words and phrases, such as “letmein,” “iloveyou,” “princess,” and “superman,” are widely used.
  • Keyboard patterns, such as “qwerty,” are commonly employed, with 25% of the top 30 passwords being keyboard patterns.
  • Numeric patterns, such as increasing or repetitive numbers, are prevalent in passwords.

Most Common Password Patterns

  • Numeric patterns are widely favoured for creating weak and easy-to-guess passwords.
  • Increasing or repetitive numeric patterns are observed in the top 10 and top 30 most used passwords.
  • The word “hello” is a popular password choice in different languages.
  • Certain countries exhibit specific password trends, such as the use of first names in passwords by Italian and Spanish users, and the preference for keyboard patterns amongst Russian users.

Country-Specific Password Analysis

Germany – Top 20 Most Used Passwords

  1. 123456
  2. 123456789
  3. 12345678
  4. hallo123
  5. hallo
  6. 12345
  7. passwort
  8. lol123
  9. 1234
  10. 123
  11. qwertz
  12. ficken
  13. 1234567
  14. arschloch
  15. 1234567890
  16. 1q2w3e4r
  17. killer
  18. sommer
  19. schalke04
  20. dennis
  21. The most common password pattern amongst German users is simple and easy-to-guess increasing numeric passwords, such as “123” and “1234567890.”
  22. The word “passwort” (“password”) and keyboard patterns using the German layout, such as “qwertz,” are also popular choices.

France – Top 20 Most Used Passwords

  1. azerty
  2. marseille
  3. loulou
  4. 123456
  5. doudou
  6. 010203
  7. badoo
  8. azertyuiop
  9. soleil
  10. chouchou
  11. 123456789
  12. bonjour
  13. nicolas
  14. jetaime
  15. motdepasse
  16. alexandre
  17. chocolat
  18. coucou
  19. camille
  20. caramel
  21. The most common password pattern amongst French users is the French version of “qwerty” – “azerty.”
  22. Common French words and phrases, such as “marseille,” “bonjour,” and “chocolat,” are also popular choices.

Russia – Top 20 Most Used Passwords

  1. qwerty
  2. 123456
  3. qwertyuiop
  4. qwe123
  5. 123456789
  6. 111111
  7. klaster
  8. qweqwe
  9. 1qaz2wsx
  10. 1q2w3e4r
  11. qazwsx
  12. 1234567890
  13. 1234567
  14. 7777777
  15. 123321
  16. 1q2w3e
  17. 123qwe
  18. 1q2w3e4r5t
  19. zxcvbnm
  20. 123123
  21. Russian users predominantly choose keyboard patterns for their passwords, as seen in the top 20 list.
  22. Meaningful words, both in Russian and English, are less frequently used as passwords compared to other countries.

Italy – Top 20 Most Used Passwords

  1. 123456
  2. 123456789
  3. juventus
  4. password
  5. 12345678
  6. ciaociao
  7. francesca
  8. alessandro
  9. giuseppe
  10. martina
  11. francesco
  12. valentina
  13. qwertyuiop
  14. antonio
  15. stellina
  16. federico
  17. federica
  18. giovanni
  19. lorenzo
  20. asdasd
  21. First names, such as “francesco,” “alessandro,” and “giuseppe,” are popular password choices amongst Italian users. This practice, when combined with an email address mentioning the same first name, increases password vulnerability.
  22. The Italian soccer team “juventus” is also a popular choice among Italian users.

USA – Top 20 Most Used Passwords

  1. password
  2. 123456
  3. 123456789
  4. 12345678
  5. 1234567
  6. password1
  7. 12345
  8. 1234567890
  9. 1234
  10. qwerty123
  11. qwertyuiop
  12. 1q2w3e4r
  13. 1qaz2wsx
  14. superman
  15. iloveyou
  16. qwerty1
  17. qwerty
  18. 123456a
  19. letmein
  20. football
  21. US users have varied password choices, including increasing numeric patterns, keyboard patterns, and common words or phrases.
  22. “Qwerty” is a frequently used password, with 25% of the top 20 passwords containing this pattern.

Spain – Top 20 Most Used Passwords

  1. 123456
  2. 123456789
  3. 12345
  4. 12345678
  5. 111111
  6. 1234567890
  7. 000000
  8. 1234567
  9. barcelona
  10. 123456a
  11. 666666
  12. 654321
  13. 159159
  14. 123123
  15. realmadrid
  16. 555555
  17. mierda
  18. alejandro
  19. tequiero
  20. a123456
  21. Spanish users show a preference for numeric patterns, similar to German users.
  22. Two famous Spanish soccer teams, “barcelona” and “realmadrid,” have their names in the top 20 password choices.

Top 20 Most Used Passwords for .edu Users

  1. 123456
  2. password
  3. 123456789
  4. secret
  5. 12345
  6. password1
  7. football
  8. baseball
  9. 123123
  10. abc123
  11. soccer
  12. 1234
  13. qwerty
  14. sunshine
  15. basketball
  16. monkey
  17. ashley
  18. princess
  19. 12345678
  20. 1234567
  21. .edu users often choose common passwords, with such passwords constituting 60% of the overall top 30 list.
  22. Names of sports, such as “football” and “baseball,” are frequently used as passwords by .edu users.

Analysis of Password Patterns

  • The word “password” and its variations are the most popular choices worldwide.
  • Culturally relevant words and phrases are widely used, such as “angel,” “dragon,” and “superman.”
  • European users, especially Italians and Spaniards, prefer using first names as passwords.
  • Russian users differ from other populations and often choose keyboard patterns over meaningful words.

First Names in Passwords

  • Many users, particularly Italians, Russians, and Germans, use first names inside passwords, often correlated with their email addresses.

First Names + 123 Patterns in Passwords

  • Users sometimes add a “123” prefix or suffix to their passwords, but this simple pattern is highly common and easily guessable by hackers.

Famous People, Brands & Pop Culture Figures in Passwords

  • Pop culture references, historic figures, and brand names are frequently used in passwords.
  • The names “Christ” and “Jesus” are popular choices, along with brands like “Google,” “Apple,” and “Samsung.”
  • TV series like “Friends” and “Star Wars” also influence password choices.
  • Sports figures, such as “Ronaldo,” make appearances in passwords.

Hacker’s Top 10 Most Used Passwords List Explained

  • The Hacker’s Top 10 most used passwords list is compared to our findings to identify commonalities.
  • Passwords like “123456” and “password” are the most insecure choices globally.
  • The Hacker’s Top 10 list aligns with the overall password trends, making these passwords highly susceptible to dictionary attacks.

Match Between Countries’ Top 10 and Hacker’s Top 10

  • The match between countries’ top 10 passwords and the Hacker’s Top 10 list varies.
  • Worldwide, there is an 80% match between the two lists.
  • The US and Spain have a 50% match.
  • Italy and Russia have a 33% match.
  • Germany has a 25% match.
  • France has a 10% match.
  • Italian and US populations are most likely to use first names or email-related words in their passwords.
  • Russian users prefer keyboard patterns and numbers in their passwords.
  • The phrase “iloveyou” is a popular choice in various languages.
  • Certain passwords, like “111111” or “000000,” are more likely to be used on mobile devices.

Most Common Year Used in Passwords

  • Surprisingly, the year 2013 is frequently used as a prefix or suffix in passwords.
  • Birth years, significant family years, or the year of password creation are also common choices.
  • However, using such easily guessed years compromises password security.

Using Birthdays in Passwords

  • Using birthdays in passwords is risky due to their predictability and ease of discovery.
  • Attackers can easily obtain or guess birthdays through social media or public records.
  • Birthdays are often targeted in brute-force attacks or dictionary-based hacking attempts.
  • To enhance password security, avoid incorporating birthdays and instead generate unique and complex passwords using password managers.

How to Improve Password Strength

To improve password strength and protect against hacking attempts, consider the following tips:

  • Do not reuse passwords across multiple accounts.
  • Use passwords that are longer than 8 characters.
  • Avoid including words from your email address in your password.
  • Include numbers, capital letters, and special characters in your passwords.
  • Avoid common names, cities, or cultural references in passwords.
  • Utilise a password manager like 1Password to generate and store secure passwords.

By following these guidelines, you can significantly enhance your password security and protect your online accounts from unauthorised access and data breaches.

Frequently Asked Questions

How many times has my password been hacked?

To determine if your password has been compromised, use a dark web scanner like the one offered by Norton’s security suite. These scanners search the dark web for leaked databases and breached accounts, providing insights into the security of your passwords. By inputting your email address into the scanner, it cross-references it against known breaches and informs you if your password has been compromised. This proactive approach allows you to assess password vulnerability and take necessary actions, such as changing compromised passwords and adopting stronger security measures.

Does changing my password stop hackers?

Changing your password can stop hackers, but it is crucial to change it to a strong and unique password. Merely altering a weak password or creating another easily guessable password does not provide effective protection. Use a secure password manager to generate complex passwords that are resistant to brute-force attacks. Regularly changing passwords, coupled with strong password practices and multi-factor authentication, significantly strengthens your defences against hacking attempts.

What is the least common password?

The least common password is one generated by a password manager, incorporating a mix of numbers, letters, symbols, and special characters. Password managers create highly unique and random passwords that are rarely used by individuals. By avoiding commonly used words or patterns, password managers generate robust and secure passwords that are difficult for hackers to guess or crack.

Why are strong passwords important?

Strong passwords are important for several reasons. They prevent unauthorised access to your accounts, protect sensitive information, and mitigate the impact of data breaches. Strong passwords are resilient against brute-force attacks and dictionary-based hacking attempts. By using strong and unique passwords, you reduce the likelihood of multiple accounts being compromised. Strong passwords, along with additional security measures like two-factor authentication, contribute to a comprehensive cybersecurity strategy, enhancing overall online security.

This website uses cookies. By continuing to use this site, you accept our use of cookies.  Learn more