Most common passwords of 2021: report

While having a strong password is essential for effective digital security, many people are unsure which combination of letters, numbers, and symbols is considered safe enough. Well, you could start by looking at what is not safe. Here are the 200 most common passwords of 2021 you certainly wish to avoid.

The report by Nordpass is out, summarizing the most important statistics of the outgoing year: common passwords. The research was conducted among 50 countries, highlighting the time it would take to crack a combination and how often it was used on average.

According to Nordpass, the top five most used passwords worldwide were:

  1. 123456 - used 103,170,552 times
  2. 123456789 - used 46,027,530 times
  3. 12345 - used 32,955,431 times
  4. qwerty - used 22,317,280 times
  5. password - used 20,958,297 times

It would take less than a minute on average to crack every single one of those. The list went on with different combinations of the *123456789* sequence, “111111”, “qwerty123”, and “000000”.

Out of all the listed passwords, random combinations of numbers and letters, and meaningful words took the longest to crack. For example, “tinkle” was the 98th most common password and would require, on average, two minutes to bypass. Surprisingly, “myspace1,” which occupied the 54th position, would take three hours for a cybercriminal to figure out.

In the United States, the most common combinations were (in that order): “123456”, “password”, “12345”, “123456789”, and “password1”. In comparison, the United Kingdom had the following list: “123456”, “password”, “liverpool”, “password1”, and “123456789”.

Interestingly, the common passwords also differed by gender. As such, in the UK, females used the following sequences most often: “123456”, “password”, “charlie”, “12345”, “chocolate”.

Earlier this month, we have conducted research with similar findings, detailing “123456”, “123456789”, “qwerty”, “password”, and "12345" as the top five most common passwords of 2021.

Choosing a strong password

If you’re unsure of the level of protection offered by your current password, you can use our password leak database to check if your password has been compromised.

If you’re yet to choose a password that would make you feel secure, remember a few useful tips.

  • Using personal information in passwords is a bad idea

The most common years people opt for in their passwords are their year of birth, year of password creation, and a memorable year. Furthermore, according to our research, the most used names for passwords in 2021 were Eva, Alex, and Anna. The reason why choosing such personal details is not a viable thing to do is that obtaining data is easier than ever, with your circle of family and friends likely already possessing it. The more you post about yourself on the Internet, the easier it is to profile you and come up with possible combinations.

  • Re-using your passwords is also not the way to go

As of 2021, 51% of people re-use their passwords, and 55% rely on memory to navigate them, according to DataProt. These statistics are very interconnected: the less trust people have in storing their passwords physically or online, the less likely they are to alternate between combinations. Now, we know that remembering tens of complex passwords is simply impossible - and you don’t have to. Opt for a reliable password manager that will create and fill strong passwords in for you.

  • If your password is weak, change it

This one is pretty straightforward: if you notice that your password is just not up to standard, come up with a better sequence or use our random password generator. It will create a 12-character sequence for you, which will take around 1.4 billion years for a brute-force attack to bypass.

Finally, if you have noticed your password in the list and are worried that your data may have been compromised, check our personal data leak checker with a 500 GB database of hashed emails to see if any of your information has ended up in the wrong hands.