The Worst Passwords of 2024: Exposing Our Digital Vulnerabilities
When it comes to digital security, the ever-changing landscape remains as grim as ever. NordPass, in collaboration with NordStellar, has released its sixth annual study on the worst passwords of 2024, and the results are a stark reminder of our collective failure to prioritize online safety.
Drawing on a 2.5TB database compiled from public sources, including the dark web, the study identified the most common passwords worldwide and country by country, and which were the easiest to crack. The worst passwords of 2024 are a testament to our continued reliance on simplistic and predictable combinations, leaving our digital lives vulnerable to malicious actors.
The Hall of Shame: Top 10 Worst Passwords Globally
Leading the pack of the worst passwords of 2024 is the perennial favorite, “123456,” which has topped the list for five out of the past six years. Close variations of this simple numerical sequence follow it on the list.
Each one just extends or shortens the same run of consecutive digits, as in “123456789,” “12345678,” and “12345.” It’s scary to realize that such passwords can be cracked by a hacker in less than a second, yet they remain a common choice for users around the world.
Other entries in the top 10 worst passwords of 2024 include “password,” “qwerty123,” “qwerty1,” “111111,” “secret,” and “123123.” They are not only easy to guess but also show little creativity and a lack of awareness of basic security principles.
The U.S. Perspective: English-Based Weaknesses
When focusing on passwords used for U.S. accounts, the list of the worst passwords of 2024 takes on a slightly different flavor. English-based words and phrases are more prevalent, though numerical sequences appear as well. The top 10 worst passwords of 2024 in the U.S. include “secret,” “password,” “qwerty123,” “qwerty1,” “password1,” and “abc123.”
Taken together, these results point to a preference among U.S. users for easily guessable words over purely numerical patterns. However, the end result is the same: these passwords can be cracked in seconds, putting sensitive information at risk and jeopardizing digital identities.
Corporate America’s Password Woes
Perhaps most concerning is the revelation that the worst passwords of 2024 are not limited to personal accounts. NordPass also compiled a list of passwords for corporate accounts, and the results are equally alarming.
In the corporate world, the most used password is “password,” followed very closely by numerical sequences such as “123456,” “123456789” and “12345678.” This is hard to square with the twice-yearly mandatory corporate privacy training that, we’d think, should keep employees from creating weak and easily guessable passwords to secure millions of dollars’ worth of sensitive company data.
In the U.S. specifically, the worst passwords of 2024 for corporate accounts include “password,” “123456,” “qwerty123,” “qwerty1,” and the enigmatic “aaron431.” Although the latter looks random, it has shown up as a common password for several years across many industries, possibly because it is the default password for a popular program.
The Path to Stronger Digital Security
The fact that weak passwords continue to linger year after year underscores the need to raise awareness and teach good digital security practices. Individuals and organizations alike need to understand the risk of using simple, easily guessable passwords and proactively strengthen their online defenses.
The best solution to this issue is a password manager, which can generate a strong, unique password for each of your accounts and store it securely so you can access it at any time. By using a password manager, users can significantly reduce the risk of falling victim to the worst passwords of 2024 and protect their digital lives from potential breaches.
In addition, organisations need to provide comprehensive security training for their employees, which means educating them on the need to create strong, unique passwords and to change them regularly. If companies can foster a culture of digital security awareness, this goes a long way towards reducing the risk of data breaches and protecting important assets.
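Training can be backed by a check at the moment a password is set. The sketch below is an added example, not code from NordPass or from the study: it rejects the passwords quoted in this article and the patterns they follow (digit runs, repeated chunks, a common word with a numeric suffix). The function names and the small word list are assumptions built only from the passwords named above.

```python
import re

# Constructed deny-list: only the passwords quoted in this article.
LISTED = {
    "123456", "123456789", "12345678", "12345", "password", "qwerty123",
    "qwerty1", "111111", "secret", "123123", "password1", "abc123", "aaron431",
}
# Base words taken from the list above; a real deployment would load a larger
# breached-password corpus here (assumption, not part of the article).
BASE_WORDS = {"password", "qwerty", "secret", "abc", "aaron"}


def is_digit_run(s):
    """True for ascending or descending digit runs such as 1234567 or 987654."""
    if len(s) < 4 or not s.isdigit():
        return False
    steps = {int(b) - int(a) for a, b in zip(s, s[1:])}
    return steps in ({1}, {-1})


def is_repeated_chunk(s):
    """True when s is one short chunk repeated: 111111, 123123, abab."""
    return len(s) >= 4 and re.fullmatch(r"(.{1,4}?)\1+", s) is not None


def screen_password(candidate):
    """Return a rejection reason, or None when no weak pattern is found."""
    p = candidate.strip().lower()
    if p in LISTED:
        return "listed"
    if is_digit_run(p):
        return "digit-run"
    if is_repeated_chunk(p):
        return "repeated-chunk"
    # Common word followed only by digits or punctuation: Password2024!, qwerty12
    m = re.fullmatch(r"([a-z]+)[\d\W_]*", p)
    if m and m.group(1) in BASE_WORDS:
        return "word-plus-suffix"
    return None
```

A return value of None only means none of these patterns matched; it is not a measure of strength, so the check belongs alongside a length requirement and a breached-password lookup rather than in place of them.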
Final Thought
The worst passwords of 2024, as revealed by NordPass, serve as a sobering reminder of the persistent problem of weak digital security practices. In our ever more connected world, it is imperative that we take steps now to protect our online identities and our sensitive information.
By embracing password managers, educating ourselves and others about the risks of weak passwords, and prioritizing digital security in both personal and professional contexts, we can work towards a future where the worst passwords of 2024 become a relic of the past. Now it’s time to break out of the constant loop of false security and take back our digital lives, starting with just one strong password.