1. Extra Categories
  2. Editor's Pick
December 12, 2019updated 16 Dec 2019 11:18am

Most common passwords of 2019 show we’re still making the same mistakes

By Lucy Ingham

It could be argued that 2019 was the year of the data breach, yet the list of the most common passwords suggests we still aren’t taking security seriously.

Week after week, we heard stories of thousands – and often millions – of user data exposed, often as a result of simple human error. But apart from revealing which companies haven’t managed their data properly, these breaches often also expose password data, and it is from this that NordPass has assembled the most common passwords of 2019.

From a cybersecurity perspective, it’s not reassuring. Despite decades of advice on good password practices, many people are still using shockingly weak passwords that practically render their accounts an open door. And if yours is on this list, you should change it immediately.

Top 20 most common passwords of 2019

The top 20 most common passwords this year are:

  1. 12345
  2. 123456
  3. 123456789
  4. test1
  5. password
  6. 12345678
  7. zinch
  8. g_czechout
  9. asdf
  10. qwerty
  11. 1234567890
  12. 1234567
  13. Aa123456.
  14. iloveyou
  15. 1234
  16. abc123
  17. 111111
  18. 123123
  19. dubsmash
  20. test

The vast majority of the top passwords are common strings of characters that sit in a line on a standard qwerty keyboard – and people using these passwords are swapping safety for convenience.

“Most people prefer to use weak passwords rather than trying to remember long, complex ones. It also usually means they use the same one for all their accounts. And if one of them ends up in a breach, all other accounts get compromised, too,” said Chad Hammond, security expert at NordPass.

most common passwords 2019Looking at the longer list of the 200 most common passwords for this year, there are also very common themes. Women’s names, sports and food appear frequently – and can also often be easily socially engineered.

Ashley, for example, is number 26, while football is number 40 and chocolate is number 48.

Nothing to hide?

Despite frenzied efforts by cybersecurity professionals, many people continue not to consider robust passwords important because they don’t feel that there is anything of theirs worth stealing. But this attitude, said Hammond, is unwise.

“No one leaves their house unlocked. Even if there’s nothing valuable inside, nobody would like strangers sniffing around. And just imagine them changing the lock,” he said.

“The same applies to your online life. Nobody wants to lose access to their personal accounts, especially paying thousands in ransom afterward.”

Read more: Is it time to do away with the traditional password?