It could be argued that 2019 was the year of the data breach, yet the list of the most common passwords suggests we still aren’t taking security seriously.
Week after week, we heard stories of the data of thousands – and often millions – of users being exposed, frequently as a result of simple human error. But apart from revealing which companies haven’t managed their data properly, these breaches often also expose password data, and it is from this that NordPass has assembled the most common passwords of 2019.
From a cybersecurity perspective, it’s not reassuring. Despite decades of advice on good password practices, many people are still using shockingly weak passwords that practically render their accounts an open door. And if yours is on this list, you should change it immediately.
Top 20 most common passwords of 2019
The top 20 most common passwords this year are:
The vast majority of the top passwords are common strings of characters that sit in a line on a standard QWERTY keyboard – and people using these passwords are swapping safety for convenience.
“Most people prefer to use weak passwords rather than trying to remember long, complex ones. It also usually means they use the same one for all their accounts. And if one of them ends up in a breach, all other accounts get compromised, too,” said Chad Hammond, security expert at NordPass.
Looking at the longer list of the 200 most common passwords for this year, there are also very common themes. Women’s names, sports and food appear frequently – and such passwords can also often be easily socially engineered.
Ashley, for example, is number 26, while football is number 40 and chocolate is number 48.
Nothing to hide?
Despite frenzied efforts by cybersecurity professionals, many people still do not consider robust passwords important because they don’t feel that there is anything of theirs worth stealing. But this attitude, said Hammond, is unwise.
“No one leaves their house unlocked. Even if there’s nothing valuable inside, nobody would like strangers sniffing around. And just imagine them changing the lock,” he said.
“The same applies to your online life. Nobody wants to lose access to their personal accounts, especially paying thousands in ransom afterward.”