These are the Top 25 Worst Passwords that People Used in 2019

• In 2019, internet users continued to set up the same insecure passwords everywhere.
• People falsely think that hackers won’t target them, or that having nothing to hide is a reason to use “12345”.
• When it comes to using password managers and activating 2FA, we’re not nearly there yet.

Researchers from the NordPass password manager have listed the 200 most used passwords in 2019, and the situation looks like a repeat of the previous year, and the year before that, and the one leading up to it, and the one anterior to that, and the story goes. As you can easily deduce, the top most used passwords are the same that we see topping the “worst passwords” lists, a practice which leads to super-easy account takeovers. Yet, no matter how many years pass by, and no matter how hard the media try to spread the word of warning, most people are still using the same insecure passphrases.

So here it goes. The top 25 most used passwords for 2019 were the following:

1. 12345
2. 123456
3. 123456789
4. test1
5. password
6. 12345678
7. zinch
8. g_czechout
9. asdf
10. qwerty
11. 1234567890
12. 1234567
13. Aa123456.
14. iloveyou
15. 1234
16. abc123
17. 111111
18. 123123
19. dubsmash
20. test
21. princess
22. qwertyuiop
23. sunshine
24. BvtTest123
25. 11111

NordPass used a database of 500 million passwords to compile this list, so each entry above corresponds to hundreds of thousands. The passphrase “password” for example was used by 830846 people out of the 500 million in the pool. So, why do people insist on using easy to remember and easy to guess passwords? Possibly, they think that they have nothing valuable to hide anyway, or they reckon that no hackers would be interested in taking over their social media accounts for example.

Whatever their assumptions are, they are all wrong. We should treat our online presence with the respect that it deserves, using unique and strong passwords in every platform that we access/use, otherwise we will face the consequences sooner or later. Scammers, phishing actors, extortionists, and all kinds of crooks can trick you into giving them money whether you have something to hide or not. Moreover, lists like the one seen here are used in brute-forcing malware, hardcoded inside these tools to automate the account takeover process.

Our advice is to use a password manager that will absolve you from having to remember any passwords, check your emails on haveibeenpwned periodically, and activate two-factor authentication wherever it is available. Finally, never use the same password twice, not even if it’s a strong one. If that password leaks through a website breach that you may never get to learn about, your entire online presence will be compromised. This is what happens with stuffing attacks, which have gotten so popular lately for a reason.

Do you have anything to comment on the above? Feel free to share your thoughts with us in the comments section beneath, or on our socials, on Facebook and Twitter.