I’ve analyzed extensive data and industry trends with the SafetyDetectives Research Team to compile a report of the 20 most hacked passwords in 2024. These passwords, despite their ubiquity, leave users vulnerable to unauthorized access, identity theft, and data breaches
I used several years’ worth of leaks to compile this report — found on hacking forums, marketplaces, and dark web sites — usually sold as treasure troves of sensitive information for criminals.
Here’s a quick look at the most hacked passwords in this report:
- USA — password
- Germany — 123456
- Russia — qwerty
- France — azerty
- Italy — 123456
- Spain — 123456
Note, I only analyzed the data — no identifying information like usernames or banking details were compromised while conducting this research. My goal was not to simply put together another “most used/hacked passwords” list. Instead, I wanted to see if there were any obvious patterns occurring around the world that would cause hackers easier access to user information, regardless of language or location.
That said, before we dive into the report, you should consider using a password manager like 1Password if you’re worried about your online security. 1Password not only offers a secure storage vault for your passwords but also includes a convenient password generator. This tool can help you create strong and unique passwords (unlike those above), bolstering your defenses against malicious actors.
Over 18 Million Passwords Analyzed
We collected and analyzed a total of 18,419,945 passwords. Around 9 million passwords were from the general population
- From various worldwide databases, we collected 9,056,593 passwords
- Note that there’s some overlap with other populations.
- From hacked .edu users, we collected 328,000 passwords.
The remaining 9 million passwords were country-specific:
- Germany — 783,756.
- France — 446,613.
- Russia — 5,614,947.
- Italy — 49,622.
- Spain — 459,665.
- USA — 1,680,749.
We looked at this from a lot of different angles to identify the weakest and most insecure passwords in the world. For each population, we identified:
- The top 20 most used passwords (and the top 30 overall).
- The most popular password patterns.
- Specific cultural references to that population.
We also looked at:
- How names found in email addresses are used in passwords. We specifically looked at the use of first names in “[first_name].[last_name]@[email_provider].com” and address names in “[address_name]@[email_provider].com”.
- How these common passwords compare to the “Hacker’s List” – the list of passwords that are most often used by security researchers for dictionary attacks. (“Dictionary attacks” refers to trying many different common passwords until the right one is guessed.)
Note: Many of the passwords analyzed in this report would not be allowed to be used by sites that have password strength checks in place.
Top 30 Most Used Passwords in the World
- 123456
- password
- 123456789
- 12345
- 12345678
- qwerty
- 1234567
- 111111
- 1234567890
- 123123
- abc123
- 1234
- password1
- iloveyou
- 1q2w3e4r
- 000000
- qwerty123
- zaq12wsx
- dragon
- sunshine
- princess
- letmein
- 654321
- monkey
- 27653
- 1qaz2wsx
- 123321
- qwertyuiop
- superman
- asdfghjkl
General Password Trends in the World
- The word “password” and its slight variations (e.g. “password1”) are very popular.
- Common words and phrases are also widely used (“letmein”, “iloveyou”, “princess”, “superman”, etc.).
- Keyboard patterns remain popular — 25% of the top 30 most common passwords are keyboard patterns. “qwerty” is the most used one by far, but diagonal keyboard pattern variations like “1q2w3e4r” and “zaq12wsx” are also well represented.
Numbers are the Most Common Password Pattern
Numeric patterns are worldwide favorites when it comes to creating a weak, easy-to-guess password. Increasing (e.g. 123456) or repetitive (e.g. 111111) numeric patterns could be observed in 8 out of the top 10 and 13 out of the top 30 most used passwords.
Analyzing passwords by country, we notice a few more things:
- The word “hello” is a popular password choice everywhere (in their respective languages), present in the top 20 password lists of nearly all countries we analyzed.
- The soccer-loving nations of Italy and Spain both have names of prominent soccer teams in the top 10 of their most common passwords.
- German and Spanish users favor numeric patterns.
- Russian users more often choose keyboard patterns for passwords than other countries.
Germany – Top 20 Most Used Passwords
- 123456
- 123456789
- 12345678
- hallo123
- hallo
- 12345
- passwort
- lol123
- 1234
- 123
- qwertz
- ficken
- 1234567
- arschloch
- 1234567890
- 1q2w3e4r
- killer
- sommer
- schalke04
- dennis
The most common password pattern: German users show a preference for simple, easy-to-guess increasing numeric passwords, starting with “123” and going all the way to “1234567890”. Such passwords constitute nearly 50% of the German top 20 list.
Other password trends: The word “passwort” (“password”) and “hallo” (“hello”) are popular choices, and so are keyboard patterns using the German keyboard layout (e.g. “qwertz”).
France – Top 20 Most Used Passwords
- azerty
- marseille
- loulou
- 123456
- doudou
- 010203
- badoo
- azertyuiop
- soleil
- chouchou
- 123456789
- bonjour
- nicolas
- jetaime
- motdepasse
- alexandre
- chocolat
- coucou
- camille
- caramel
The most common password pattern: While the French version of “qwerty” — “azerty” — is number one, common French words and phrases requiring little to no translation like “marseille”, “bonjour”, “jetaime”, “soleil”, or “chocolat” are also very popular.
Other password trends: Increasing numeric patterns are notably less popular with French users than with the worldwide population. Only 3 out of the top 20 French passwords are numeric. This can likely be explained due to French keyboards requiring users to press “Shift + number” instead of only the number.
Russia – Top 20 Most Used Passwords
- qwerty
- 123456
- qwertyuiop
- qwe123
- 123456789
- 111111
- klaster
- qweqwe
- 1qaz2wsx
- 1q2w3e4r
- qazwsx
- 1234567890
- 1234567
- 7777777
- 123321
- 1q2w3e
- 123qwe
- 1q2w3e4r5t
- zxcvbnm
- 123123
The most common password pattern: All of the top 20 Russian passwords are numbers and patterns, and many of them are different from worldwide trends. Russian users often choose diagonal keyboard patterns involving numbers and alphanumeric characters — for example, “1qaz2wsx” or “1q2w3e4r”.
Other password trends: Russian users are the least likely of the populations we analyzed to use meaningful words — in Russian or English — as passwords.
Italy – Top 20 Most Used Passwords
- 123456
- 123456789
- juventus
- password
- 12345678
- ciaociao
- francesca
- alessandro
- giuseppe
- martina
- francesco
- valentina
- qwertyuiop
- antonio
- stellina
- federico
- federica
- giovanni
- lorenzo
- asdasd
The most common password pattern: First names like “francesco”, “alessandro”, or “guiseppe” are the most popular password choices for Italian users. Such passwords are particularly insecure and easy to guess when used in combination with an email mentioning the same first name — for example, [first_name]@[email_provider].com. Unfortunately, this practice is still very common.
Other password trends: This soccer-crazy nation has “juventus” as the #3 top password choice.
USA – Top 20 Most Used Passwords
- password
- 123456
- 123456789
- 12345678
- 1234567
- password1
- 12345
- 1234567890
- 1234
- qwerty123
- qwertyuiop
- 1q2w3e4r
- 1qaz2wsx
- superman
- iloveyou
- qwerty1
- qwerty
- 123456a
- letmein
- football
The most common password pattern: US users are equally likely to use an increasing numeric pattern, keyboard pattern, or a common word or phrase as a password.
Other password trends: 25% of the US’s top 20 passwords contain “qwerty” as an exact or partial match.
Spain – Top 20 Most Used Passwords
- 123456
- 123456789
- 12345
- 12345678
- 111111
- 1234567890
- 000000
- 1234567
- barcelona
- 123456a
- 666666
- 654321
- 159159
- 123123
- realmadrid
- 555555
- mierda
- alejandro
- tequiero
- a123456
The most common password pattern: Spanish users show a preference for numeric patterns like German users do.
Other password trends: Out of the 5 common words in the top 20 list, 2 are the names of famous Spanish soccer teams (“barcelona” and “realmadrid”).
Top 20 Most Used Passwords for .edu Users
Students and faculty at university don’t typically regard their .edu email addresses as important, so they tend to create easy-to-guess passwords.
The 20 most common .edu passwords are:
- 123456
- password
- 123456789
- secret
- 12345
- password1
- football
- baseball
- 123123
- abc123
- soccer
- 1234
- qwerty
- sunshine
- basketball
- monkey
- ashley
- princess
- 12345678
- 1234567
The most common password pattern: Educational domain users are likely to choose common passwords — these passwords constitute 60% of the overall top 30 list.
Other password trends: .edu users often pick names of sports for their insecure passwords, and they are more likely to do so than any other category of users analyzed in this report. The increasing numeric passwords they use tend to be short — 6 out of the 8 numeric patterns on the list are under 8 characters long.
Analysis: The Most Used Word Patterns in Passwords
This section summarizes my analysis of commonly used word patterns within passwords. Numeric sequences (such as “123456” etc.) are excluded from this section’s analysis. (Note: We include numeric patterns in our analysis later on.)
Worldwide Trends
- The word “password” is the most popular choice worldwide as well as with .edu users and the US population. Its variations in other languages, such as “passwort” (German) or “motdepasse” (French), were also found in the top 20 for their respective country.
- Culturally relevant words are also popular worldwide and across many countries. Words like “angel”, “dragon”, and “superman” which are culturally relevant to a broad category of users.
- Most European users (particularly Italian and Spanish) prefer using first names as passwords.
- Russian users differ from the other populations in our study. They prefer keyboard patterns over meaningful words, even when using alphanumeric characters as passwords.
First Names in Passwords
The use of first names inside passwords is very common, especially first names that are included in email addresses — 4.19% of worldwide users do this. Italians (4.13%), Russians (3.79%), and Germans (2.51%) are the global populations most likely to use these extremely easy-to-hack passwords.
First Names + 123 Patterns in Passwords
A “123” prefix/suffix in email addresses was seen in about 0.03% of worldwide passwords. While adding random numeric patterns to passwords is a great strategy, this simple pattern is far too common, making these kinds of passwords very easy for hackers to guess.
Famous People, Brands & Pop Culture Figures in Passwords
We frequently found pop culture and historic figures used either as part of a password or an exact match in our analysis of 9.3 million users worldwide. We also found that cultural references influenced password choices quite heavily.
- “Christ” and “Jesus” led the way with 7,432 and 7,414 respective mentions in passwords.
- Three brands — “Google” (7,057 mentions), “Apple” (6,240), and “Samsung” (2,866) — also made it to the top 10.
- The popular TV series “Friends” was another top choice with 4,289 mentions, while “Starwars” was used 2,237 times.
- The popular sports figure “Ronaldo” was at the 10th spot with 1,265 mentions.
Hacker’s Top 10 Most Used Passwords List Explained
I compared my findings with the top 10 list of the most used passwords that hackers use when testing login security. I used the following resources to create the Hacker’s Top 10 most used passwords list:
- John The Ripper (password cracking program)
- NMAP (network discovery tool)
- Security researchers’ most used passwords lists (sourced from Github)
- Honeypot credentials from real world attacks (sourced from Github)
Hacker’s Top 10 List of Most Used Passwords
- 123456
- password
- 12345678
- 1234567
- qwerty
- 654321
- 111111
- 123123
- 1234567890
- iloveyou
The most insecure passwords to use across all countries and populations is“123456” and “password” — two of the most obvious, easiest-to-guess patterns which meet the minimum 6 to 8 character password length requirement that most websites have.
“123456” is #1 on the Hacker’s List for a reason — this password is THE most popular one worldwide (0.62% of 9.3M passwords analyzed). It also holds the:
- #1 spot for .edu, Germany, Italy, and Spain users.
- #2 spot for USA and Russia users.
- #4 spot for France users.
Match Between Countries’ Top 10 and Hacker’s Top 10
Here’s how the 10 most common passwords in various populations matched the Hacker’s Top 10 list:
- Worldwide – 80% match
- USA, Spain – 50%
- Italy, Russia – 33%
- Germany – 25%
- France – 10%
The overall password trends analyzed from worldwide users match up pretty well with this list, making the most used passwords in the world extremely prone to dictionary attacks. Users in the US and Spain with these passwords are also extremely susceptible to hacks.
Additional Insights on Worldwide Password Trends
- The Italian and US populations are the ones most likely to use first names and/or other words that are part of their email credentials in their passwords. Overall, up to 4% of users worldwide do this.
- The Russian population uses keyboard patterns and numbers for their passwords more often than other populations we analyzed.
- The phrase “iloveyou” in local languages is a popular choice for passwords.
- Passwords like “111111” or “000000” are likely to be chosen when the user is on their phone.
Most Common Year Used in Passwords
Surprisingly, one of the most frequently used years in passwords is 2013. While it may seem random, this particular year has gained popularity among users both as a prefix and a suffix in their passwords. However, using such a commonly chosen year makes your password highly vulnerable to hacking. Other common years include 2000 and 2010.
Individuals often use their birth years, a year of importance in their family, or the year they established the password. Frankly, this doesn’t significantly enhance security as much of this data can be publicly found or effortlessly obtained by technically proficient hackers.
Using Birthdays in Passwords
Using birthdays in passwords is also dangerous due to their predictability and ease of discovery. Your birthday is personal information that can often be easily obtained or guessed by attackers. If an attacker has knowledge of your birthdate or can gather it from social media or public records, they have a higher chance of successfully cracking your password. Moreover, birthdays are often used as common elements in brute-force attacks or dictionary-based hacking attempts. To ensure better password security, it is advisable to avoid incorporating birthdays and instead create unique, complex passwords using a password generator that combines letters, numbers, and symbols.
How to Improve Password Strength
Most people fall victim to cyber threats because they don’t use unique, secure, and hard-to-crack passwords. And understandably so; without a password manager, it becomes an impossible task to remember hundreds of unique and complex passwords for each login.
5 tips for improving password strength:
- Don’t reuse passwords on any account.
- Use a password that is longer than 8 characters.
- Don’t include any words in your email address as part of your password.
- Always include numbers, capital letters, and special characters in passwords. But many passwords start with a capital letter and end with a number (often the current year). Don’t follow that pattern.
- Don’t include common names, common cities, or common cultural references.
Bonus tip: All of the top password managers in 2024 include a password generator to create unique and secure passwords for you.
To safeguard your passwords effectively and simply, use a password manager. We recommend affordable premium options like 1Password, which not only generates but also auto-fills secure passwords, all the while encrypting your data against theft.
Frequently Asked Questions
How many times has my password been hacked?
To determine how many times your password has been compromised, use a dark web scanner like the one included in Norton’s security suite. These scanners search the dark web for leaked databases and breached accounts, providing valuable insights into the security of your passwords. By inputting your email address into the scanner, it cross-references it against known breaches and informs you if your password has been compromised in any of those incidents (and sometimes how many times it’s been compromised). This proactive approach allows you to assess the vulnerability of your passwords and take necessary actions such as changing compromised passwords and adopting stronger security measures to protect your online accounts.
Does changing my password stop hackers?
Changing your password can stop hackers, but it’s crucial to change your password to a strong and unique password. Simply altering a weak or easily guessable password or creating another easily guessable password won’t provide effective protection. By utilizing a secure password manager like 1Password, however, you can generate complex passwords that are resistant to brute-force attacks. These password managers also offer the convenience of securely storing and auto-filling your passwords across various platforms.
Regularly changing passwords, coupled with strong password practices and multi-factor authentication, significantly strengthens your defenses against hacking attempts and enhances your overall online security.
What is the least common password?
The least common password is one generated by a password manager like Dashlane, incorporating a mix of numbers, letters, symbols, and special characters.
These password managers generate highly unique and random passwords that are rarely used by individuals. By avoiding commonly used words or patterns, password managers create robust and secure passwords that are difficult for hackers to guess or crack. These passwords typically consist of a long string of characters, making them significantly more resilient against brute-force attacks or dictionary-based hacking attempts. Embracing the strength of password managers helps ensure stronger and more secure online accounts.
Why are strong passwords important?
Strong passwords are important for several reasons. Firstly, they help prevent unauthorized access to your accounts and protect your sensitive information. With a strong password, it becomes significantly harder for hackers to crack or guess your password through brute-force attacks.
Secondly, strong passwords can mitigate the impact of data breaches. If your password is weak, it can be easily compromised, putting your personal data at risk. By using a strong and unique password for each account, you reduce the likelihood of multiple accounts being compromised.
Lastly, strong passwords are a crucial part of a comprehensive cybersecurity strategy, alongside measures like two-factor authentication, to enhance overall online security.