IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Revealed: The top 200 most common passwords of 2022

While the most common passwords worldwide are largely the same, gender and region did have an effect on frequency

Sequential strings of numbers and ‘password’ remain the most popular password choices for users around the world despite their insecurity.

Annual research into the top 200 most popular passwords has been published by NordPass also revealed that in the UK, names of football teams also ranked highly among the most-used passwords of the year.

For example, ‘liverpool’ was the fourth most popular password of the year, while ‘arsenal’, ‘chelsea’, and ‘liverpool1’ were all in the top 15.

Regional results from the likes of France revealed similarly insecure password practices, but the actual passwords themselves differed. For example, 'azerty' was the third most popular password in the country - the equivalent of 'qwert' on a French keyboard layout.

NordPass also included datasets sorted by user gender, revealing some notable differences in password frequency. In the US, the most used password by users identifying as women was ‘guest’ versus the old favourite of ‘12345’ among users identifying as men.

Both genders in the UK used ‘password’ and ‘123456’ as their top choices, but stark differences were visible in the remainder of the top five results: ‘charlie’, ‘tigger’, and ‘sunshine’ versus ‘mosh2021’, ‘12345’, and ‘liverpool’ were the results for women and men respectively.

Data from all 30 countries, however, revealed general uniformity in passwords, with only the inclusion of ‘bigbasket’ as the seventh most-used password by women worldwide standing out as an anomaly.

The most secure password to make the top 200 list was ‘9136668099’, which NordPass estimates would take hackers around four days to crack. However, beyond this figure, it is still far from a secure password, as it contains no letters or special characters whatsoever.

Regularly updating one’s password is good security practice, and experts recommend straying away from using easy-to-guess words or phrases, or anything that a threat actor could link to you with no trouble.

There are a range of password-cracking techniques used by hackers but brute force attacks, in which hackers guess a victim’s password using various forms of trial and error, are common. 

Related Resource

Building a better password strategy for your business

Exploring the strategies and exploits that hackers are using to circumvent password security measures

Whitepaper cover with title in block red box and image of keyboard keys, with a padlock and finger printFree Download

Hackers can use powerful hardware such as GPUs for password-cracking, which can cut down the time required to unearth credentials, but the simplest brute force attacks simply involve trying common passwords until access is granted - reason enough for users to stray away from using anything that resembles a password in the top 200.

Employees should not be using shared passwords across multiple logins, particularly for accounts pertaining to sensitive business data, to prevent data breaches. Businesses are often urged to use multi-factor authentication in addition to a strong password policy, to ensure that unwanted individuals have overcome that extra hurdle in order to access sensitive accounts.

It can be difficult to remember a series of strong, unique passwords - some businesses have said forgettable passwords are the best - and for this reason many businesses opt to use password managers.

These can be used to create distinct passwords for all of a user’s accounts, and store them all behind a master password (used to access the password manager itself).

Featured Resources

2022 State of the multi-cloud report

What are the biggest multi-cloud motivations for decision-makers, and what are the leading challenges

Free Download

The Total Economic Impact™ of IBM robotic process automation

Cost savings and business benefits enabled by robotic process automation

Free Download

Multi-cloud data integration for data leaders

A holistic data-fabric approach to multi-cloud integration

Free Download

MLOps and trustworthy AI for data leaders

A data fabric approach to MLOps and trustworthy AI

Free Download

Recommended

'CryWiper' trojan disguises as ransomware, says Kaspersky
malware

'CryWiper' trojan disguises as ransomware, says Kaspersky

2 Dec 2022
LastPass admits 'elements' of customer data accessed in breach
hacking

LastPass admits 'elements' of customer data accessed in breach

1 Dec 2022
Hyundai vulnerability allowed remote hacking of locks, engine
Security

Hyundai vulnerability allowed remote hacking of locks, engine

30 Nov 2022
Building a better password strategy for your business
Whitepaper

Building a better password strategy for your business

26 Oct 2022

Most Popular

Empowering employees to truly work anywhere
Sponsored

Empowering employees to truly work anywhere

22 Nov 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

15 Nov 2022
The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

14 Nov 2022