Most common passwords: latest 2023 statistics
Data breaches and cyberattacks are becoming more and more common. In order to keep your online identity and private information safe, taking care of your passwords is as essential as ever.
One of the key elements of a strong password is its uniqueness. But some passwords are anything but that. Here are the most commonly used passwords & phrases used in passwords by people around the world – collected by the Cybernews Investigation Team.
The top 10 most common passwords list in 2023:
Don't want your password to end up on this list? A password manager can help! NordPass offers a password generator for unique, high-security passwords that have at least 12 characters and include numbers, special characters, and both lower- and uppercase letters. The best part is that you’ll no longer have to remember or worry about forgetting your complex passwords – the password manager will keep all of them in one secure place.
- Unlimited digital password storage
- The safest way to keep unbreakable passwords
- 30-day money-back guarantee
Despite security experts recommending using strong and unique passwords, along with two-factor authentication and password managers for more security, people continue using the weak codes that even a beginner cybercriminal could hack in a couple of moments.
There are a few lists documenting the most commonly used passwords – all of them based on different studies. What all of them have in common is their predictability.
How we collected the most common passwords?
The Cybernews Investigation team was interested in what kind of most common password patterns everyday people were using in creating their own passwords. We collected data from publicly leaked data breaches, including the Breach Compilation, Collection #1-5, and other databases. We then anonymized the data and detached the passwords so that we could look at that data in isolation and find the most popular passwords and phrases used.
In total, we were able to analyze 15,212,645,925 passwords, of which 2,217,015,490 were unique. We discovered some interesting things about the way that people create passwords: their favorite sports teams, cities, food, and even curse words. We could even deduce the probable age of the person by looking at which year they use in their password.
Most frequent things in passwords
In order to create simple, memorable combinations for their websites, many people choose to connect them to something that they can easily recall. But that doesn't make the password unique: actually, it's quite the opposite!
During our research, we analyzed over 15 billion entries and separated them into different categories and terms. These right here are some of the most common things used in passwords – if you use something like this in your own combinations, you might want to think twice.
How to generate a strong password?
- Use long password combinations
- Combine numbers, symbols, lowercase, and uppercase letters
- Avoid popular passwords
- Use a secure password manager to create and safely store strong passwords
Most popular years used in passwords
One of the most interesting things is when we looked at which years from 1900-2020 were the most used by people when they made passwords.
Making a rough assumption, people may generally use years in their passwords to mark:
- their birth year
- the year in which the password was created
- a special year
From our analysis, we see that the most popular year was 2010, with nearly 10 million versions of this year used in passwords. The second-most popular used year was 1987 at 8.4 million, and the third was 1991 at nearly 8.3 million.
Looking at the graph in total, there’s a steady increase in usage from around 1940 all the way to 1990. The trend goes down after that, to rise again sharply from 2004 to 2010.
Based on the three general possibilities about why people use years in their passwords, we could make some assumptions:
- The rise from the 1940s to the 1990s correlates to the birth years of the password creators, such that there were more password-creators born in 1980-1990 than those born 1940-1980
- The spike in ‘2010’ usage in passwords could indicate parents whose child was born in that specific year or other special occasions.
- The spike in ‘2000’ could be birth years, but could also be special years, as it was the turn of the millennium
Of course, these are just some speculations we’re making from this dataset.
The internet’s favorite name as a password
The winner is: Eva, but just barely. The #2 name is Alex, which comes in about 50,000 instances less than Eva. After that is Anna, and it tapers down consistently to the #10 most common password name, Daniel.
Both of the least popular names – I’m talking bottom two here – are Darcie and Darcey. Whichever way it’s spelled, it doesn’t seem to be popular.
The world’s favorite sports team – and sport used in creating passwords
Looking at the data for sports teams, we get an idea of not only which the top sports teams around the world are, but also which are the most favored sports:
The number one sports team, at least for the English-language world, seems to be the NBA’s Phoenix Suns, followed by the superior Miami Heat (full disclosure: I’m from Miami). Third up is the MLB’s Cincinnati Reds. Of course, since these are generic terms, there’s a possibility that some of these terms aren’t sports-related – but that’s essentially the risk with all the terms in these statistics.
European soccer (football clubs) come in three times in the top ten, with Liverpool, Chelsea, and Arsenal taking the #5, #6 and #8 spots, respectively.
In total, we can see that there are five NBA teams, two from MLB, and three European football clubs. From this, we can assume that the NBA is, by far, the most popular sport in the world, followed by European football/soccer (even though some stats show that soccer is number one, and basketball comes in at number 3).
When we skew our understanding to the English-language world, with a lot of data coming from the US and the West, the findings in our password analysis seem to correlate.
Just for fun, the least popular sports team to use in passwords is “wolverhamptonwanderers,” used just 3 times, which I’m told is pretty accurate based on their overall performance.
The internet’s favorite curse word as password
Another aspect we were interested in was to see how many passwords contained curse words, and which curse words were favored the most.
Based on our analysis, a total of 152,933,335 passwords contained curse words. Out of 2.2 billion unique passwords, that’s about 7%.
Results show that the Internet’s favorite curse word is “ass” coming in at nearly 27 million usages, followed by “sex” at a little over 5 million. The world’s most flexible ‘F’ word comes in at third place, being used in fewer than 5 million passwords.
Below is a table with the top 10 curse words used in passwords:
The world’s most common city used in passwords
When looking at the data, we see that many users added some variation of their city name to their passwords. Now, before looking at our analysis, we can guesstimate a reason as to why people would do that: pride or love for their city.
Even if it is just a recognition of their birth city, adding that to their passwords would most likely indicate some sort of appreciation for the city, unless it’s something like “ihatephiladelphia2020!”
So, which are the most common cities to use in passwords?
Coming in at number one is “abu” which would most likely represent the UAE capital Abu Dhabi. The number two city is Rome, the fancy capital of Italy.
Third goes to Lima in Peru, followed by “hong” for Hong Kong, and the list continues the trend of international, non-US cities. In fact, only three American cities seem to have ended up on this list: York (as in New York), Austin, and “antonio” for San Antonia, and interestingly the latter are both in Texas.
The top months, days and seasons
If people were like me, the best month would be July or August, the best day either Friday or Saturday, and the best season obviously summer. Fortunately or unfortunately, the world isn’t composed of copies of me, so let’s see what months, days, and seasons people preferred to use most in their passwords.
Well, I’m glad to know that people in the world have some good sense. “summer” is the most popular, and “autumn” is the least. The top weekday is “friday,” but there’s no reason for “saturday” to be at the bottom – common sense would suggest “monday” to be the least popular.
And lastly, “may” takes the cake for most popular month, more than twice as popular as the second-most popular “june.” Yes, of course, “may” is also a common word, so there’s a chance the data is a little skewed in that sense. In any case, the warmer months are at the top, and the absolutely dreadful February is twice as unpopular as the second-last “january.”
The best food for passwords
Lastly, we’ll look at what food people loved to include in their passwords. Surprisingly, this accounted for only 1.9%, with about 42 million uses.
It seems that the most popular food word is either a delicious food or a delicious beverage. Here, “ice” could refer to “ice cream” or “iced tea” – but since “cream” isn’t in the top 10, it’s most likely the beverage. The fact that “tea” is #2 only supports my theory. They are followed by “pie” and “nut.”
The least popular food words were “mayonnaise,” “margarine,” and “seasoning.”
The important thing about these popular passwords statistics
It’s particularly hard to make a judgement about whether these elements of a password – whether the year, curse word, sports team, city or else – is necessarily a good thing or a bad thing.
However, we looked at the length of the passwords used, in terms of number of characters used. Unfortunately, most of the passwords used had 8 or fewer characters.
That, combined with the probability that the passwords weren’t too complex – instead made up of easily guessed combinations – leads us to believe that the passwords from these databases weren’t up to standard. There are much better ways to create a strong password.
For example, using “heat” as an element of the password, something easily guessed could be “letsgoheat” (10 characters), while something more complex would be “heatromearsenalhjamesp” (a 22-character passphrase). You can also use our unique password generator tool that generates strong & random passwords that are almost impossible to crack. People also create strong passphrases using mnemonic devices are better as they usually are long and contain random words that have no logical meaning between each other, hence easier for a person to remember but more complex for an algorithm to crack.
Conclusion: how do I make all my passwords safe?
In order to keep your passwords secure, they all have to be unique and difficult to crack. In truth, the best passwords are the ones that you don’t need to remember at all. For this reason, we normally strongly recommend that people use password managers. These easy-to-use tools will create very complex passwords for you that you don’t even have to remember.
They mostly come as browser extensions that will create or fill in your usernames and passwords for you. The only thing you need to remember is one master password to use the password managers.
Now, if you noticed that your own personal passwords have similar patterns to the ones we analyzed, and that these passwords can be considered rather simple, we recommend you visit our Data Leak Checker to see if your email address and other personal data has been exposed in a data breach.
The Cybernews Data Leak Checker currently has the largest database of known breached accounts, with more than 15 billion compromised accounts. So, chances are that if your account has been leaked, we’ll probably have a record of it.
(2) There are dozens and dozens of websites a person will want to work with;
(3) It's impossible for a real person to remember anything near the number of accounts/websites/software that require a password;
I strongly recommend switching to a "challenge/response" process where the user can state a "challenge" that provides a strong hint for remembering a password but which only the user would know the answer to. E.g., "Your secret 1st Grade crush" provides a prompt for the response (e.g., "Alena") or perhaps the challenge, "First Auto", with the response, "Dented VW".
With luck, future software developers will figure this out and provide the capability and support needed for "challenge/response" security login/access.
space phenomenon. Plus certain dates, and now I will change all of those! Is that better?
Not too difficult to figure out.
Your email address will not be published. Required fields are marked