Password manager NordPass has released a list of the top 200 most common passwords of the year 2020. Unsurprisingly, “123456” is this year’s most popular password. The list also contains the typical passwords like “password”, “qwerty”, “abc123”, “iloveyou”, etc. 
NordPass was able to compile the list in collaboration with a third-party that specializes in data breach research. A database of 275,699,516 passwords was evaluated to create the list. It’s important to note that passwords in these list are those that have been part of data breaches, meaning they’re likely passwords for unsafe services that have either leaked their user data or were breached by malicious actors. So it cannot be said with assurance that users use these simple passwords for important accounts like Google or online banking, as they do not store passwords in plaintext, thus cannot leak them.
The list has become a sort of yearly tradition, though it may be released by multiple different companies. They contain more or less the same passwords, however. We invite you to review these passwords, just in case there is one you currently use.
“123456” takes first place as 2020’s most common password
According to the list released by NordPass, “123456” is this year’s most common password with more than two million users, moving up from last year’s second place. A slightly longer “123456789” is in second place with 961,435 users, “picture1” takes third place with 371,612 users, the classic “password” is fourth place with 360,467 users, and “12345678” is fifth, with 322,187 users. For all mentioned passwords except “picture1”, the number of times it has been exposed is in the millions, with “123456” being exposed more than 23 million times.
The list also contains passwords like “iloveyou”, “000000”, “asdfghjkl”, “unknown”, “1q2w3e4r”, “qwerty123”, “aaaaaa”, and “qazwsx”. Names like “alexander”, “gabriel”, “robert”, “taylor”, “matthew” and “andrea” are also commonly used passwords. Names of people who had significant media presence during the year are often used as passwords as well. For example, when current US President Donald Trump was elected in 2016, passwords containing some variation of “Trump” were common.
Users may think that adding numbers to a password makes it harder to crack, and while true, it does not apply when the password is something easy to guess like “password” or “qwerty”. “password123” is just as easy to guess/crack as “password”.
What is a good password, and why is reusing passwords dangerous
Users can avoid seeing their passwords on these yearly list by simply creating more complex ones. The more random a password is, the harder it is to crack. Random doesn’t necessarily mean random combinations of letters, it merely means that the password shouldn’t make sense to anyone but you. You can take three different words and put them together to make a complex password that would take years to crack. Using upper and lower case letters, numbers and symbols would also increase the password’s security. Or you can have a completely scrambled password, with random combinations of letters, numbers and symbols. To put it simply, either create a password that only makes sense to you, or completely randomize it.
Users who use simple passwords are also more likely to reuse the same ones multiple times. This is a dangerous habit to have, one that could lead to multiple accounts hacked and personal information stolen. For example, if you use the same password to log in to play a mobile game and to access your email account, if the game leaks your login credentials, your email account becomes vulnerable as well. Because of this, however strong your password is, you should never use it twice.
Perhaps the biggest reason why users not only use simple passwords but also reuse them is because complex ones are difficult to remember, especially when there are many to remember. Fortunately, this issue is easily solvable. Users can use password managers that can not only create complex passwords but also store them safely. There are plenty of great password managers, ranging from free to premium ones.
Lastly, we’d like to mention that if possible, protect your accounts with multi-factor authentication. What multi-factor authentication is offered depends on the service. For example, you can use two-factor authentication via SMS or an app, or you can use your fingerprint or face to confirm. Unfortunately, there are still plenty of widely used services that are yet to implement multi-factor authentication. But when it is offered, do use it!