Top 200 most common passwords of 2021 revealed

A render of a black computer screen whit random white characters indicating a bank of passwords, with the word password highlighted in green text
(Image credit: Shutterstock)

The 200 most common passwords used across the world in 2021 have been revealed with '123456' coming out on top, used by more than 100 million individuals.

The team at NordPass evaluated a 4TB password database compiled by independent cyber security researchers investigating various incidents throughout the year across 50 countries.

Years of campaigning for stronger password policies from the cyber security industry seems to have fallen on deaf ears yet again as only two of the global top ten contained characters other than sequential numbers. Although the two outliers were not much better, with 'qwerty' sitting at the fourth spot, just ahead of 'password' at fifth.

With the top 200 passwords also ranked by how quickly they could be cracked by computers, the two most secure passwords in the list, sitting at places 54 and 123 respectively, were 'myspace1' and 'michelle' - each taking 3 hours to crack.

Most of the list would take less than a second to crack, according to NordPass, with honourable mentions going to 'zag12wsx' and 'jennifer' being the only other two to break the one-hour mark, taking one and two hours to crack, respectively.

In the UK, the top 10 passwords used by both men and women were a mix of sequential numbers, riffs on the old classic 'password', football teams, and actual first names.

It would appear Liverpool FC is the most popular team in the world, or the one whose fans are most relaxed about password security - depending on perspective, since it appeared the highest in the list at 121st, and 3rd overall in the UK.

Ferrari and Porsche were the two car manufacturers users trusted the most when it came to choosing their passwords, comfortably beating all the others on the market.

Dolphins were the most popular animal in many of the 50 countries evaluated by the NordPass team, which also noted men were more likely to use swear words as their passwords than women.

In a battle of the bands, Metallica outranked Slipknot with 88,453 and 75,204 uses respectively, and One Direction made a comeback to the top 200 in 2021 after falling off the list in 2020.


Container network security guide for dummies

Enforcing Kubernetes best practices


None of the top 200 passwords of the year are recommended for use if keeping personal data private is a priority, but NordPass offered some tips to achieve greater password security for 2022.

Complex passwords should always be favoured, and these typically contain at least 12 characters with a mix of uppercase and lowercase letters, numbers, and symbols.

Although it can be difficult to track all passwords when they're all different, it is recommended to have different passwords for each website and service used. Password managers can help here as the practice lowers the likelihood of losing access to multiple services in a single breach.

Updating passwords every 90 days is also a tedious endeavour but can also help in securing digital identities, according to NordPass, and is commonplace in businesses with a strong security posture.

Connor Jones

Connor Jones has been at the forefront of global cyber security news coverage for the past few years, breaking developments on major stories such as LockBit’s ransomware attack on Royal Mail International, and many others. He has also made sporadic appearances on the ITPro Podcast discussing topics from home desk setups all the way to hacking systems using prosthetic limbs. He has a master’s degree in Magazine Journalism from the University of Sheffield, and has previously written for the likes of Red Bull Esports and UNILAD tech during his career that started in 2015.