Professional Documents
Culture Documents
20 Most Hacked Passwords in 2024
20 Most Hacked Passwords in 2024
$
BEST ANTIVIRUS BEST PASSWORD MANAGERS BEST VPN BEST PARENTAL CONTROLS TOOLS DEALS & COUPONS BLOG NEWS
I’ve analyzed extensive data and industry trends with the SafetyDetectives Research Team to compile a
report of the 20 most hacked passwords in 2024. These passwords, despite their ubiquity, leave users
vulnerable to unauthorized access, identity theft, and data breaches
I used several years’ worth of leaks to compile this report — found on hacking forums, marketplaces, and
dark web sites — usually sold as treasure troves of sensitive information for criminals.
Here’s a quick look at the most hacked passwords in this report: This article contains
From various worldwide databases, we collected 9,056,593 passwords Hacker’s Top 10 Most Used
Note that there’s some overlap with other populations. Passwords List Explained
From hacked .edu users, we collected 328,000 passwords. Additional Insights on Worldwide
Password Trends
The remaining 9 million passwords were country-specific:
How to Improve Password
Strength
Germany — 783,756.
Frequently Asked Questions
France — 446,613.
Russia — 5,614,947.
Italy — 49,622.
Best Password Manager Deals
Spain — 459,665.
USA — 1,680,749. 100% Off
Get Deal
We looked at this from a lot of different angles to identify the weakest and most insecure passwords in the
world. For each population, we identified:
$20 Off
The top 20 most used passwords (and the top 30 overall). Get Deal
The most popular password patterns.
How names found in email addresses are used in passwords. We specifically looked at the use of first
names in “[first_name].[last_name]@[email_provider].com” and address names in
“[address_name]@[email_provider].com”.
How these common passwords compare to the “Hacker’s List” – the list of passwords that are most often
used by security researchers for dictionary attacks. (“Dictionary attacks” refers to trying many different
common passwords until the right one is guessed.)
Note: Many of the passwords analyzed in this report would not be allowed to be used by sites that have
password strength checks in place.
Keyboard patterns remain popular — 25% of the top 30 most common passwords are keyboard patterns.
“qwerty” is the most used one by far, but diagonal keyboard pattern variations like “1q2w3e4r” and
“zaq12wsx” are also well represented.
The word “hello” is a popular password choice everywhere (in their respective languages), present in the
top 20 password lists of nearly all countries we analyzed.
The soccer-loving nations of Italy and Spain both have names of prominent soccer teams in the top 10 of
their most common passwords.
Russian users more often choose keyboard patterns for passwords than other countries.
The most common password pattern: German users show a preference for simple, easy-to-guess increasing
numeric passwords, starting with “123” and going all the way to “1234567890”. Such passwords constitute
nearly 50% of the German top 20 list.
Other password trends: The word “passwort” (“password”) and “hallo” (“hello”) are popular choices, and so are
keyboard patterns using the German keyboard layout (e.g. “qwertz”).
The most common password pattern: While the French version of “qwerty” — “azerty” — is number one,
common French words and phrases requiring little to no translation like “marseille”, “bonjour”, “jetaime”,
“soleil”, or “chocolat” are also very popular.
Other password trends: Increasing numeric patterns are notably less popular with French users than with the
worldwide population. Only 3 out of the top 20 French passwords are numeric. This can likely be explained
due to French keyboards requiring users to press “Shift + number” instead of only the number.
The most common password pattern: All of the top 20 Russian passwords are numbers and patterns, and
many of them are different from worldwide trends. Russian users often choose diagonal keyboard patterns
involving numbers and alphanumeric characters — for example, “1qaz2wsx” or “1q2w3e4r”.
Other password trends: Russian users are the least likely of the populations we analyzed to use meaningful
words — in Russian or English — as passwords.
The most common password pattern: First names like “francesco”, “alessandro”, or “guiseppe” are the most
popular password choices for Italian users. Such passwords are particularly insecure and easy to guess when
used in combination with an email mentioning the same first name — for example,
[first_name]@[email_provider].com. Unfortunately, this practice is still very common.
Other password trends: This soccer-crazy nation has “juventus” as the #3 top password choice.
The most common password pattern: US users are equally likely to use an increasing numeric pattern,
keyboard pattern, or a common word or phrase as a password.
Other password trends: 25% of the US’s top 20 passwords contain “qwerty” as an exact or partial match.
The most common password pattern: Spanish users show a preference for numeric patterns like German
users do.
Other password trends: Out of the 5 common words in the top 20 list, 2 are the names of famous Spanish
soccer teams (“barcelona” and “realmadrid”).
1. 123456
2. password
3. 123456789
4. secret
5. 12345
6. password1
7. football
8. baseball
9. 123123
10. abc123
11. soccer
12. 1234
13. qwerty
14. sunshine
15. basketball
16. monkey
17. ashley
18. princess
19. 12345678
20. 1234567
The most common password pattern: Educational domain users are likely to choose common passwords —
these passwords constitute 60% of the overall top 30 list.
Other password trends: .edu users often pick names of sports for their insecure passwords, and they are more
likely to do so than any other category of users analyzed in this report. The increasing numeric passwords
they use tend to be short — 6 out of the 8 numeric patterns on the list are under 8 characters long.
Worldwide Trends
The word “password” is the most popular choice worldwide as well as with .edu users and the US
population. Its variations in other languages, such as “passwort” (German) or “motdepasse” (French), were
also found in the top 20 for their respective country.
Culturally relevant words are also popular worldwide and across many countries. Words like “angel”,
“dragon”, and “superman” which are culturally relevant to a broad category of users.
Most European users (particularly Italian and Spanish) prefer using first names as passwords.
Russian users differ from the other populations in our study. They prefer keyboard patterns over meaningful
words, even when using alphanumeric characters as passwords.
A “123” prefix/suffix in email addresses was seen in about 0.03% of worldwide passwords. While adding
random numeric patterns to passwords is a great strategy, this simple pattern is far too common, making
these kinds of passwords very easy for hackers to guess.
We frequently found pop culture and historic figures used either as part of a password or an exact match in
our analysis of 9.3 million users worldwide. We also found that cultural references influenced password
choices quite heavily.
“Christ” and “Jesus” led the way with 7,432 and 7,414 respective mentions in passwords.
Three brands — “Google” (7,057 mentions), “Apple” (6,240), and “Samsung” (2,866) — also made it to the
top 10.
The popular TV series “Friends” was another top choice with 4,289 mentions, while “Starwars” was used
2,237 times.
The popular sports figure “Ronaldo” was at the 10th spot with 1,265 mentions.
1. 123456
2. password
3. 12345678
4. 1234567
5. qwerty
6. 654321
7. 111111
8. 123123
9. 1234567890
10. iloveyou
The most insecure passwords to use across all countries and populations is“123456” and “password” — two
of the most obvious, easiest-to-guess patterns which meet the minimum 6 to 8 character password length
requirement that most websites have.
“123456” is #1 on the Hacker’s List for a reason — this password is THE most popular one worldwide (0.62%
of 9.3M passwords analyzed). It also holds the:
Here’s how the 10 most common passwords in various populations matched the Hacker’s Top 10 list:
Germany – 25%
France – 10%
The overall password trends analyzed from worldwide users match up pretty well with this list, making the
most used passwords in the world extremely prone to dictionary attacks. Users in the US and Spain with these
passwords are also extremely susceptible to hacks.
The Russian population uses keyboard patterns and numbers for their passwords more often than other
populations we analyzed.
Surprisingly, one of the most frequently used years in passwords is 2013. While it may seem random, this
particular year has gained popularity among users both as a prefix and a suffix in their passwords. However,
using such a commonly chosen year makes your password highly vulnerable to hacking. Other common years
include 2000 and 2010.
Individuals often use their birth years, a year of importance in their family, or the year they established the
password. Frankly, this doesn’t significantly enhance security as much of this data can be publicly found or
effortlessly obtained by technically proficient hackers.
Using birthdays in passwords is also dangerous due to their predictability and ease of discovery. Your birthday
is personal information that can often be easily obtained or guessed by attackers. If an attacker has
knowledge of your birthdate or can gather it from social media or public records, they have a higher chance of
successfully cracking your password. Moreover, birthdays are often used as common elements in brute-force
attacks or dictionary-based hacking attempts. To ensure better password security, it is advisable to avoid
incorporating birthdays and instead create unique, complex passwords using a password generator that
combines letters, numbers, and symbols.
To safeguard your passwords effectively and simply, use a password manager. We recommend affordable
premium options like 1Password, which not only generates but also auto-fills secure passwords, all the while
encrypting your data against theft.
Regularly changing passwords, coupled with strong password practices and multi-factor authentication,
significantly strengthens your defenses against hacking attempts and enhances your overall online security.
The least common password is one generated by a password manager like Dashlane, incorporating a mix of
numbers, letters, symbols, and special characters.
These password managers generate highly unique and random passwords that are rarely used by individuals.
By avoiding commonly used words or patterns, password managers create robust and secure passwords that
are difficult for hackers to guess or crack. These passwords typically consist of a long string of characters,
making them significantly more resilient against brute-force attacks or dictionary-based hacking attempts.
Embracing the strength of password managers helps ensure stronger and more secure online accounts.
Secondly, strong passwords can mitigate the impact of data breaches. If your password is weak, it can be
easily compromised, putting your personal data at risk. By using a strong and unique password for each
account, you reduce the likelihood of multiple accounts being compromised.
Lastly, strong passwords are a crucial part of a comprehensive cybersecurity strategy, alongside measures
like two-factor authentication, to enhance overall online security.