10 Most Common Passwords (Is Yours on the List?)

We’re giving you a list of the 10 most common passwords. Why? Because the number of passwords that the average person must keep track of is rising rapidly. In fact, the average person has as many as 100 passwords to remember. It can be tempting to fall into a pattern of creating easy, memorable passwords for your accounts. But be careful: the easier your passwords are to guess, the more susceptible you are to cybercriminals.

The majority of what makes a password easy to guess is how common it is. Here, we’ve compiled a list of the top 10 most commonly used passwords in the U.S. 

Top 10 most common passwords

The most used passwords are all extremely similar, fairly predictable, and follow the same patterns. Variations of “123456789” are very popular and dominate this list, taking up seven of the ten rankings. In terms of alphabetical passwords, nearly a quarter of Americans use the phrase “qwerty” as an exact or partial match in their passwords. 

Here’s a list of the most common passwords in the U.S.:

1. Password
2. 123456
3. 123456789
4. 12345678
5. 1234567
6. Password1
7. 12345
8. 1234567890
9. 1234
10. Qwerty123

Key takeaways 

Here are some lessons we can learn from this top 10 passwords list:

• Numerical sequences are ineffective. Even if your password doesn’t use 1 through 9 in order, choosing numbers in a sequence makes your password incredibly easy for hackers to guess. 
• Alphabetical sequences and dictionary words are just as bad. “Password” and “qwerty,” for example, are very overused and very easy to guess.
• Add-ons at the end of a common phrase don’t do much to improve the strength of a password. No one will be fooled by a capital letter at the beginning plus an “!” or “1” at the end of a numerical or alphabetical sequence. 
• To create a truly strong password, you’ll need to avoid dictionary words, phrases, and sequences altogether.

Don’t be surprised if your password made this list. But just because your password isn’t in the top 10 doesn’t mean you’re in the clear either. There are many common password patterns and categories that can make your accounts vulnerable. A recent study analyzed thousands of passwords and identified common categories that show up across the board. The top of the most hacked passwords list includes themes such as:

• Pet names
• First names
• Animals
• Emotions
• Food

Hackers will be able to guess your password much more easily if:

• Your password is too short and too simple. This could look like a single word followed by a number or an exclamation point or a single numerical phrase like a birthdate.
• Your password is reused across multiple accounts. This practice should be avoided because once a hacker accesses one of your accounts, they’ll be able to access all of the accounts that share that password and guess any similar ones. 
• Your password contains personal information. Using birth dates, personal information, or a street address isn’t suitable for a strong password. 

My password is on this list. What now?

Weak and reused passwords are one of the most common reasons why data breaches occur at organizations or individuals. Luckily these are some easy ways you can improve the security of your passwords:

The first thing you should do after discovering your password has made this list is to change your password to something long, unique, and complex. Here are some tips for how to create a strong password that won’t show up on a “common password list” ever again. 

• Use a password generator to create long, complex, and random passwords.
• Never use the same password for more than one account.
• Store each password in a password manager.

What might happen if I use one of these passwords?

If you have easy-to-guess passwords, you might not think you’re a target, but you’re at a higher risk of a data breach. When your password is stolen on one account, hackers can easily access other accounts, including banking and financial information, which can lead to credit card fraud and identity theft. 

These crimes aren’t only dangerous to your finances and personal information—they’re also a pain to resolve. The Federal Trade Commission estimates that recovering from identity theft can take six months or 200 hours of work.

“I’ve been using the internet since I was 13 and I’ve been in numerous data leaks.

When I started using Dashlane, I could easily see that I had 600 reused passwords. But more importantly to me, I could quickly see which critical passwords had been leaked. For instance, I need to know right away if someone has my bank password.”

—Ben Silver, Manager of IT Support, BentoBox

It’s time to strengthen your password game

If you know your passwords are weak, and you’re ready to level up your cybersecurity, you don’t have to do it alone—Dashlane’s Password Generator provides an easy way to apply all the rules, tips, and best practices surrounding password generation.

Because it can be hard to remember the strong, complicated passwords that Dashlane’s Password Generator creates for you, you can also take advantage of Dashlane’s password manager. This tool has several layers of security built in, so you can store all your passwords, payments, and personal info in one secure location—without worrying about hackers gaining access. If you find yourself using or witnessing weak and reused passwords at work, your organization should consider getting a business password manager.

---

References

1. Tech.Co, “Study Reveals Average Person Has 100 Passwords” November 2021
2. MSN, “How to create strong, secure passwords” June 27
3. Safety Detectives, “The 20 Most Hacked Passwords in the World: Is Yours Here?” August 1, 2022
4. Simplemost, “Find Out If You Are Using The Most Hacked Passwords” February 1, 2022
5. Identity Hawk, “How Long Does It Take to Recover From Identity Theft?”