Revealed: The top 200 most common passwords of 2022
While the most common passwords worldwide are largely the same, gender and region did have an effect on frequency


Sequential strings of numbers and ‘password’ remain the most popular password choices for users around the world despite their insecurity.
Annual research into the top 200 most popular passwords has been published by NordPass also revealed that in the UK, names of football teams also ranked highly among the most-used passwords of the year.
For example, ‘liverpool’ was the fourth most popular password of the year, while ‘arsenal’, ‘chelsea’, and ‘liverpool1’ were all in the top 15.
Regional results from the likes of France revealed similarly insecure password practices, but the actual passwords themselves differed. For example, 'azerty' was the third most popular password in the country - the equivalent of 'qwert' on a French keyboard layout.
NordPass also included datasets sorted by user gender, revealing some notable differences in password frequency. In the US, the most used password by users identifying as women was ‘guest’ versus the old favourite of ‘12345’ among users identifying as men.
Both genders in the UK used ‘password’ and ‘123456’ as their top choices, but stark differences were visible in the remainder of the top five results: ‘charlie’, ‘tigger’, and ‘sunshine’ versus ‘mosh2021’, ‘12345’, and ‘liverpool’ were the results for women and men respectively.
Data from all 30 countries, however, revealed general uniformity in passwords, with only the inclusion of ‘bigbasket’ as the seventh most-used password by women worldwide standing out as an anomaly.
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
The most secure password to make the top 200 list was ‘9136668099’, which NordPass estimates would take hackers around four days to crack. However, beyond this figure, it is still far from a secure password, as it contains no letters or special characters whatsoever.
Regularly updating one’s password is good security practice, and experts recommend straying away from using easy-to-guess words or phrases, or anything that a threat actor could link to you with no trouble.
There are a range of password-cracking techniques used by hackers but brute force attacks, in which hackers guess a victim’s password using various forms of trial and error, are common.
RELATED RESOURCE
Building a better password strategy for your business
Exploring the strategies and exploits that hackers are using to circumvent password security measures
Hackers can use powerful hardware such as GPUs for password-cracking, which can cut down the time required to unearth credentials, but the simplest brute force attacks simply involve trying common passwords until access is granted - reason enough for users to stray away from using anything that resembles a password in the top 200.
Employees should not be using shared passwords across multiple logins, particularly for accounts pertaining to sensitive business data, to prevent data breaches. Businesses are often urged to use multi-factor authentication in addition to a strong password policy, to ensure that unwanted individuals have overcome that extra hurdle in order to access sensitive accounts.
It can be difficult to remember a series of strong, unique passwords - some businesses have said forgettable passwords are the best - and for this reason many businesses opt to use password managers.
These can be used to create distinct passwords for all of a user’s accounts, and store them all behind a master password (used to access the password manager itself).

Rory Bathgate is Features and Multimedia Editor at ITPro, overseeing all in-depth content and case studies. He can also be found co-hosting the ITPro Podcast with Jane McCallion, swapping a keyboard for a microphone to discuss the latest learnings with thought leaders from across the tech sector.
In his free time, Rory enjoys photography, video editing, and good science fiction. After graduating from the University of Kent with a BA in English and American Literature, Rory undertook an MA in Eighteenth-Century Studies at King’s College London. He joined ITPro in 2022 as a graduate, following four years in student journalism. You can contact Rory at rory.bathgate@futurenet.com or on LinkedIn.
-
These are the UK industries facing the biggest digital skills gaps in 2025
News Analysis of job vacancies shows that the digital economy is accelerating too quickly for the workforce to keep up with
-
Telefónica Tech UK&I names Martyn Bullerwell as new CEO
News The company veteran succeeds Mark Gorton who steps down following three years in the role
-
Passwords are a problem: why device-bound passkeys can be the future of secure authentication
Industry insights AI-driven cyberthreats demand a passwordless future…
-
LastPass just launched a tool to help security teams keep tabs on shadow IT risks
News Companies need to know what apps their employees are using, so LastPass made a browser extension to help
-
‘The worst thing an employee could do’: Workers are covering up cyber attacks for fear of reprisal – here’s why that’s a huge problem
News More than one-third of office workers say they wouldn’t tell their cybersecurity team if they thought they had been the victim of a cyber attack.
-
The NCSC wants you to start using password managers and passkeys – here’s how to choose the best options
News New guidance from the NCSC recommends using passkeys and password managers – but how can you choose the best option? ITPro has you covered.
-
I love magic links – why aren’t more services using them?
Opinion Using magic links instead of passwords is safe and easy but they’re still infuriatingly underused by businesses
-
Password management startup Passbolt secures $8 million to shake up credential security
News Password management startup Passbolt has secured $8 million in funding as part of a Series A investment round.
-
"Thinly spread": Questions raised over UK government’s latest cyber funding scheme
The funding will go towards bolstering cyber skills, though some industry experts have questioned the size of the price tag
-
LastPass breach comes back to haunt users as hackers steal $12 million in cryptocurrency
News The hackers behind the LastPass breach are on a rampage two years after their initial attack