
The most common passwords of 2022: What if one of yours makes the list?

Are you using one of these wildly popular - and eminently crackable - passwords? If so, we have a New Year's resolution for you.

The entire cybersecurity industry has been predicting the death of the password for over a decade. Yet it's still the primary way to log into our online accounts and mobile apps. Why? Because we all know exactly how to use them. And many of us are reluctant to learn new methods. Maybe it's time we did, because the truth is, not all of us know how to use passwords securely.

NordPass' list of the 200 most common passwords of 2022 tells us everything we need to know. Passwords are a huge security risk. If yours is on the list, change it immediately. Better yet, change the way you manage all your credentials. Waiting until it's too late could cost you a lot of extra time, money and stress.

Why passwords are important

Our login credentials are the keys to our digital lives, which today can take the form of streaming services, online banking, messaging, carpooling or social media accounts. Often our card details and personal data are stored in these accounts. This is why they are so popular in the cybercrime community. A report released last June found that 24 billion username and password combinations are circulating in online criminal marketplaces, a 65% increase from 2020 figures and nearly four for every person on the planet.

Criminals use various techniques to steal passwords:

  • Phishing: This is one of the oldest tricks. A scammer pretends to be a trusted entity via email, text or phone. Usually they invent an excuse to get you to re-enter your login and other data.

  • Brute force: Using automated tools, hackers can now use trial and error to attempt to open accounts. They often try commonly used passwords to see if they match.

  • Credential stuffing: This is a type of brute force attack in which hackers use previously breached passwords purchased from the cybercrime community. They then feed them into automated scripts to try them in large quantities on multiple sites and apps simultaneously, to see if there is a match.

  • Keyloggers and Infostealers: Infostealer malware is sometimes delivered via phishing emails or malicious mobile apps placed in app stores. Once on a device or machine, it secretly retrieves passwords as they are entered.

  • Shoulder surfing: Another old trick, more common now that people are once again traveling for work. Beware of entering passwords in public, as they can be seen by prying eyes (and ears).

Once in your account, hackers can steal all the personal data and card data stored there. Or they can use that data themselves for payment card fraud or other purposes. The value of fraudulent payment card transactions exceeded $32 billion in 2021 and is expected to reach $38.5 billion in 2027.

The most hackable passwords

Unfortunately, many Internet users make life easier for criminals. According to a 3TB database of passwords leaked in security incidents, the most popular password in 30 countries is “password,” with nearly five million occurrences. Next comes “123456”, followed by the slightly longer “123456789”. The “guest” and “qwerty” passwords complete the top 5. Most of these credentials can be cracked in less than a second.

You can check out the full list on the NordPass website, but here are the top 20 from this year's list.

Position  Password      Position  Password
1         password      11        1234567
2         123456        12        1234
3         123456789     13        1234567890
4         guest         14        000000
5         qwerty        15        555555
6         12345678      16        666666
7         111111        17        123321
8         12345         18        654321
9         col123456     19        7777777
10        123123        20        123

The 20 most common passwords in the world in 2022 (source: NordPass)
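On the service side, this list translates into a check run when a user sets a password. The following is an added example, not code from NordPass or from the article's author: the function names and rule labels are hypothetical, and the rules cover only the patterns that appear in the top 20 (digit runs, repeated characters, repeated blocks, list entries with a suffix).

```python
import string

# Top 20 passwords as reported in this article (NordPass, 2022).
TOP_20 = {
    "password", "123456", "123456789", "guest", "qwerty", "12345678",
    "111111", "12345", "col123456", "123123", "1234567", "1234",
    "1234567890", "000000", "555555", "666666", "123321", "654321",
    "7777777", "123",
}


def _is_digit_run(p):
    """True for 123456, 654321 or 1234567890 (0 is treated as following 9)."""
    if not (p.isascii() and p.isdigit()):
        return False
    steps = {(int(b) - int(a)) % 10 for a, b in zip(p, p[1:])}
    return steps in ({1}, {9})  # every step is +1, or every step is -1


def weakness(password, denylist=TOP_20):
    """Return why a password is trivially guessable, or None if no rule fires."""
    p = password.lower()  # "Password" is no stronger than "password"
    if p in denylist:
        return "common-password list"
    if len(p) > 1 and len(set(p)) == 1:
        return "single repeated character"
    if _is_digit_run(p):
        return "sequential digits"
    half = len(p) // 2
    if len(p) % 2 == 0 and half >= 2 and p[:half] == p[half:]:
        return "repeated block"
    # A list entry with digits or symbols appended, e.g. a year.
    base = p.rstrip(string.digits + string.punctuation)
    if base != p and base in denylist:
        return "common password plus suffix"
    return None


if __name__ == "__main__":
    # Constructed candidates: none except the first is on the list itself.
    for candidate in ["Password", "987654321", "222222", "456456",
                      "qwerty2022", "correct horse battery staple"]:
        print(repr(candidate), "->", weakness(candidate))
```

A `None` result only means none of these rules fired; it is not a measure of strength.
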

Outside of these most basic passwords, researchers find that similar patterns pop up every year. All-time favourites, or most infamous, passwords include:

  • Sports teams: for example, the football team “Red Star Belgrade”, which has been used more than 58.5 million times.

  • Fashion brands: for example, “tiffany”, which has been used almost 14.8 million times.

  • Swear words and profanity: The most popular of these was "f*ck", used more than 21 million times.

  • Music artists: Leading the way is U2, with over 33 million hits.

  • Movies: The most popular being "leon", with 6.4 million passwords.

  • Cars: More than eight million users had "mini" as a password.

  • Video games: The most popular in 2022 was “arma” with over 6.2 million users.

  • Food: Nearly 8.6 million passwords used the word "fish".

Worse still: if we reuse these passwords, write them down for all to see, or share them with other people, it will make life even easier for would-be hackers and fraudsters. And if we use the same passwords at work as in our private lives, we could even expose our employer to a possible cyber risk. This could have even more serious repercussions if hackers manage to steal corporate data.

How to properly secure passwords

Fortunately, password security is one of the easiest things to implement, with immediate benefits for our digital lives. The following tips will help you protect your personal and financial information:

  • Always use complex and unique passwords or passphrases. This will make it more difficult for hackers to crack them or perform credential stuffing.

  • Never reuse passwords. This prevents cybercriminals from using credential stuffing to open multiple accounts if they get their hands on a single credential.

  • Don't share your passwords because other people could misuse them, even unintentionally.

  • Close any unused accounts, as they may pose a security risk if they are compromised without you noticing.

  • Use a password manager and consider using it as a password generator as well. This will automatically suggest and store any long, strong and unique password. And it will let you log into any relevant site – all you need is the tool's master password.

  • Regularly check the strength of passwords and update those that are too weak or outdated.

  • Add multi-factor authentication (2FA/MFA) where possible – most accounts now have an option for this. It adds an extra layer of security to passwords by requiring another "factor" of authentication, such as a face or fingerprint scan, or a one-time passcode.

  • Don't connect to a public Wi-Fi network, because people eavesdropping on the same network might be able to figure out your passwords.

  • Use security solutions from a reputable company to protect against infostealers and other malware, as well as phishing attacks and other threats.

  • Beware of shoulder surfers when you are on the move. Consider using a screen protector for your laptop.

  • Do not click on suspicious links in unsolicited emails and texts. If in doubt, contact the sender directly, not by replying to the message but by searching for their contact details on Google.

  • Only connect to sites using the HTTPS protocol, as they are secure and therefore offer additional protection against attacks that can intercept your connection data.

  • Subscribe to a service that checks if your password has been exposed in a data breach.

You may have many New Year's resolutions for 2023. But if your own passwords are on the list above, improving the security of your passwords will be one of the most important of them.
