.

$  

BEST ANTIVIRUS BEST PASSWORD MANAGERS BEST VPN BEST PARENTAL CONTROLS TOOLS DEALS & COUPONS BLOG NEWS 

Home Blog 20 Most Hacked Passwords in 2024: Is Yours Here?

20 Most Hacked Passwords in 2024: Is Yours Here?

Sam Boyd Updated on: December 12, 2023

I’ve analyzed extensive data and industry trends with the SafetyDetectives Research Team to compile a
report of the 20 most hacked passwords in 2024. These passwords, despite their ubiquity, leave users
vulnerable to unauthorized access, identity theft, and data breaches

I used several years’ worth of leaks to compile this report — found on hacking forums, marketplaces, and
dark web sites — usually sold as treasure troves of sensitive information for criminals.

Here’s a quick look at the most hacked passwords in this report: This article contains

 USA — password Over 18 Million Passwords

Analyzed
 Germany — 123456
Top 30 Most Used Passwords in
 Russia — qwerty the World
 France — azerty General Password Trends in the
 Italy — 123456 World

 Spain — 123456 Germany – Top 20 Most Used

Passwords
Note, I only analyzed the data — no identifying information like usernames or banking details were
France – Top 20 Most Used
compromised while conducting this research. My goal was not to simply put together another “most Passwords
used/hacked passwords” list. Instead, I wanted to see if there were any obvious patterns occurring around the
Russia – Top 20 Most Used
world that would cause hackers easier access to user information, regardless of language or location. Passwords

Italy – Top 20 Most Used

That said, before we dive into the report, you should consider using a password manager like
Passwords
1Password if you’re worried about your online security. 1Password not only offers a secure storage vault for
USA – Top 20 Most Used
your passwords but also includes a convenient password generator. This tool can help you create strong and
Passwords
unique passwords (unlike those above), bolstering your defenses against malicious actors.
Spain – Top 20 Most Used
Passwords
Over 18 Million Passwords Analyzed
Top 20 Most Used Passwords for
We collected and analyzed a total of 18,419,945 passwords. Around 9 million passwords were from the .edu Users

general population Analysis: The Most Used Word

Patterns in Passwords

 From various worldwide databases, we collected 9,056,593 passwords Hacker’s Top 10 Most Used
 Note that there’s some overlap with other populations. Passwords List Explained

 From hacked .edu users, we collected 328,000 passwords. Additional Insights on Worldwide
Password Trends
The remaining 9 million passwords were country-specific:
How to Improve Password
Strength
 Germany — 783,756.
Frequently Asked Questions
 France — 446,613.

 Russia — 5,614,947.
 Italy — 49,622.
Best Password Manager Deals
 Spain — 459,665.
 USA — 1,680,749. 100% Off
Get Deal 
We looked at this from a lot of different angles to identify the weakest and most insecure passwords in the
world. For each population, we identified:
$20 Off
 The top 20 most used passwords (and the top 30 overall). Get Deal 
 The most popular password patterns.

 Specific cultural references to that population. 50% Off

Get Deal 
We also looked at:

 How names found in email addresses are used in passwords. We specifically looked at the use of first
names in “[first_name].[last_name]@[email_provider].com” and address names in
“[address_name]@[email_provider].com”.
 How these common passwords compare to the “Hacker’s List” – the list of passwords that are most often
used by security researchers for dictionary attacks. (“Dictionary attacks” refers to trying many different
common passwords until the right one is guessed.)

Note: Many of the passwords analyzed in this report would not be allowed to be used by sites that have
password strength checks in place.

Top 30 Most Used Passwords in the World

1. 123456
2. password
3. 123456789
4. 12345
5. 12345678
6. qwerty
7. 1234567
8. 111111
9. 1234567890
10. 123123
11. abc123
12. 1234
13. password1
14. iloveyou
15. 1q2w3e4r
16. 000000
17. qwerty123
18. zaq12wsx
19. dragon
20. sunshine
21. princess
22. letmein
23. 654321
24. monkey
25. 27653
26. 1qaz2wsx
27. 123321
28. qwertyuiop
29. superman
30. asdfghjkl

General Password Trends in the World

 The word “password” and its slight variations (e.g. “password1”) are very popular.
 Common words and phrases are also widely used (“letmein”, “iloveyou”, “princess”, “superman”, etc.).

 Keyboard patterns remain popular — 25% of the top 30 most common passwords are keyboard patterns.
“qwerty” is the most used one by far, but diagonal keyboard pattern variations like “1q2w3e4r” and
“zaq12wsx” are also well represented.

Numbers are the Most Common Password Pattern

Numeric patterns are worldwide favorites when it comes to creating a weak, easy-to-guess password.
Increasing (e.g. 123456) or repetitive (e.g. 111111) numeric patterns could be observed in 8 out of the top 10
and 13 out of the top 30 most used passwords.

Analyzing passwords by country, we notice a few more things:

 The word “hello” is a popular password choice everywhere (in their respective languages), present in the
top 20 password lists of nearly all countries we analyzed.
 The soccer-loving nations of Italy and Spain both have names of prominent soccer teams in the top 10 of
their most common passwords.

 German and Spanish users favor numeric patterns.

 Russian users more often choose keyboard patterns for passwords than other countries.

Germany – Top 20 Most Used Passwords

1. 123456
2. 123456789
3. 12345678
 4. hallo123
5. hallo
6. 12345
7. passwort
8. lol123
9. 1234
10. 123
11. qwertz
12. ficken
13. 1234567
14. arschloch
15. 1234567890
16. 1q2w3e4r
17. killer
18. sommer
19. schalke04
20. dennis

The most common password pattern: German users show a preference for simple, easy-to-guess increasing
numeric passwords, starting with “123” and going all the way to “1234567890”. Such passwords constitute
nearly 50% of the German top 20 list.

Other password trends: The word “passwort” (“password”) and “hallo” (“hello”) are popular choices, and so are
keyboard patterns using the German keyboard layout (e.g. “qwertz”).

France – Top 20 Most Used Passwords

1. azerty
2. marseille
3. loulou
4. 123456
5. doudou
6. 010203
7. badoo
8. azertyuiop
9. soleil
10. chouchou
11. 123456789
12. bonjour
13. nicolas
14. jetaime
15. motdepasse
16. alexandre
17. chocolat
18. coucou
19. camille
20. caramel

The most common password pattern: While the French version of “qwerty” — “azerty” — is number one,
common French words and phrases requiring little to no translation like “marseille”, “bonjour”, “jetaime”,
“soleil”, or “chocolat” are also very popular.

Other password trends: Increasing numeric patterns are notably less popular with French users than with the
worldwide population. Only 3 out of the top 20 French passwords are numeric. This can likely be explained
due to French keyboards requiring users to press “Shift + number” instead of only the number.

Russia – Top 20 Most Used Passwords

1. qwerty
2. 123456
3. qwertyuiop
4. qwe123
5. 123456789
6. 111111
7. klaster
8. qweqwe
9. 1qaz2wsx
10. 1q2w3e4r
 11. qazwsx
12. 1234567890
13. 1234567
14. 7777777
15. 123321
16. 1q2w3e
17. 123qwe
18. 1q2w3e4r5t
19. zxcvbnm
20. 123123

The most common password pattern: All of the top 20 Russian passwords are numbers and patterns, and
many of them are different from worldwide trends. Russian users often choose diagonal keyboard patterns
involving numbers and alphanumeric characters — for example, “1qaz2wsx” or “1q2w3e4r”.

Other password trends: Russian users are the least likely of the populations we analyzed to use meaningful
words — in Russian or English — as passwords.

Italy – Top 20 Most Used Passwords

1. 123456
2. 123456789
3. juventus
4. password
5. 12345678
6. ciaociao
7. francesca
8. alessandro
9. giuseppe
10. martina
11. francesco
12. valentina
13. qwertyuiop
14. antonio
15. stellina
16. federico
17. federica
18. giovanni
19. lorenzo
20. asdasd

The most common password pattern: First names like “francesco”, “alessandro”, or “guiseppe” are the most
popular password choices for Italian users. Such passwords are particularly insecure and easy to guess when
used in combination with an email mentioning the same first name — for example,
[first_name]@[email_provider].com. Unfortunately, this practice is still very common.

Other password trends: This soccer-crazy nation has “juventus” as the #3 top password choice.

USA – Top 20 Most Used Passwords

1. password
2. 123456
3. 123456789
4. 12345678
5. 1234567
6. password1
7. 12345
8. 1234567890
9. 1234
10. qwerty123
11. qwertyuiop
12. 1q2w3e4r
13. 1qaz2wsx
14. superman
15. iloveyou
16. qwerty1
17. qwerty
18. 123456a
 19. letmein
20. football

The most common password pattern: US users are equally likely to use an increasing numeric pattern,
keyboard pattern, or a common word or phrase as a password.

Other password trends: 25% of the US’s top 20 passwords contain “qwerty” as an exact or partial match.

Spain – Top 20 Most Used Passwords

1. 123456
2. 123456789
3. 12345
4. 12345678
5. 111111
6. 1234567890
7. 000000
8. 1234567
9. barcelona
10. 123456a
11. 666666
12. 654321
13. 159159
14. 123123
15. realmadrid
16. 555555
17. mierda
18. alejandro
19. tequiero
20. a123456

The most common password pattern: Spanish users show a preference for numeric patterns like German
users do.

Other password trends: Out of the 5 common words in the top 20 list, 2 are the names of famous Spanish
soccer teams (“barcelona” and “realmadrid”).

Top 20 Most Used Passwords for .edu Users

Students and faculty at university don’t typically regard their .edu email addresses as important, so they tend
to create easy-to-guess passwords.

The 20 most common .edu passwords are:

1. 123456
2. password
3. 123456789
4. secret
5. 12345
6. password1
7. football
8. baseball
9. 123123
10. abc123
11. soccer
12. 1234
13. qwerty
14. sunshine
15. basketball
16. monkey
17. ashley
18. princess
19. 12345678
20. 1234567

The most common password pattern: Educational domain users are likely to choose common passwords —
these passwords constitute 60% of the overall top 30 list.
Other password trends: .edu users often pick names of sports for their insecure passwords, and they are more
likely to do so than any other category of users analyzed in this report. The increasing numeric passwords
they use tend to be short — 6 out of the 8 numeric patterns on the list are under 8 characters long.

Analysis: The Most Used Word Patterns in Passwords

This section summarizes my analysis of commonly used word patterns within passwords. Numeric sequences
(such as “123456” etc.) are excluded from this section’s analysis. (Note: We include numeric patterns in our
analysis later on.)

Worldwide Trends

 The word “password” is the most popular choice worldwide as well as with .edu users and the US
population. Its variations in other languages, such as “passwort” (German) or “motdepasse” (French), were
also found in the top 20 for their respective country.
 Culturally relevant words are also popular worldwide and across many countries. Words like “angel”,
“dragon”, and “superman” which are culturally relevant to a broad category of users.
 Most European users (particularly Italian and Spanish) prefer using first names as passwords.

 Russian users differ from the other populations in our study. They prefer keyboard patterns over meaningful
words, even when using alphanumeric characters as passwords.

First Names in Passwords

The use of first names inside passwords is very common, especially first names that are included in email
addresses — 4.19% of worldwide users do this. Italians (4.13%), Russians (3.79%), and Germans (2.51%)
are the global populations most likely to use these extremely easy-to-hack passwords.

First Names + 123 Patterns in Passwords

A “123” prefix/suffix in email addresses was seen in about 0.03% of worldwide passwords. While adding
random numeric patterns to passwords is a great strategy, this simple pattern is far too common, making
these kinds of passwords very easy for hackers to guess.

Famous People, Brands & Pop Culture Figures in Passwords

We frequently found pop culture and historic figures used either as part of a password or an exact match in
our analysis of 9.3 million users worldwide. We also found that cultural references influenced password
choices quite heavily.

 “Christ” and “Jesus” led the way with 7,432 and 7,414 respective mentions in passwords.

 Three brands — “Google” (7,057 mentions), “Apple” (6,240), and “Samsung” (2,866) — also made it to the
top 10.

 The popular TV series “Friends” was another top choice with 4,289 mentions, while “Starwars” was used
2,237 times.

 The popular sports figure “Ronaldo” was at the 10th spot with 1,265 mentions.

Hacker’s Top 10 Most Used Passwords List Explained

I compared my findings with the top 10 list of the most used passwords that hackers use when testing login
security. I used the following resources to create the Hacker’s Top 10 most used passwords list:

 John The Ripper (password cracking program)

 NMAP (network discovery tool)

 Security researchers’ most used passwords lists (sourced from Github)

 Honeypot credentials from real world attacks (sourced from Github)

Hacker’s Top 10 List of Most Used Passwords

1. 123456
2. password
3. 12345678
4. 1234567
5. qwerty
6. 654321
7. 111111
8. 123123
9. 1234567890
10. iloveyou
The most insecure passwords to use across all countries and populations is“123456” and “password” — two
of the most obvious, easiest-to-guess patterns which meet the minimum 6 to 8 character password length
requirement that most websites have.

“123456” is #1 on the Hacker’s List for a reason — this password is THE most popular one worldwide (0.62%
of 9.3M passwords analyzed). It also holds the:

 #1 spot for .edu, Germany, Italy, and Spain users.

 #2 spot for USA and Russia users.

 #4 spot for France users.

Match Between Countries’ Top 10 and Hacker’s Top 10

Here’s how the 10 most common passwords in various populations matched the Hacker’s Top 10 list:

 Worldwide – 80% match

 USA, Spain – 50%

 Italy, Russia – 33%

 Germany – 25%

 France – 10%

The overall password trends analyzed from worldwide users match up pretty well with this list, making the
most used passwords in the world extremely prone to dictionary attacks. Users in the US and Spain with these
passwords are also extremely susceptible to hacks.

Additional Insights on Worldwide Password Trends

 The Italian and US populations are the ones most likely to use first names and/or other words that are part
of their email credentials in their passwords. Overall, up to 4% of users worldwide do this.

 The Russian population uses keyboard patterns and numbers for their passwords more often than other
populations we analyzed.

 The phrase “iloveyou” in local languages is a popular choice for passwords.

 Passwords like “111111” or “000000” are likely to be chosen when the user is on their phone.

Most Common Year Used in Passwords

Surprisingly, one of the most frequently used years in passwords is 2013. While it may seem random, this
particular year has gained popularity among users both as a prefix and a suffix in their passwords. However,
using such a commonly chosen year makes your password highly vulnerable to hacking. Other common years
include 2000 and 2010.

Individuals often use their birth years, a year of importance in their family, or the year they established the
password. Frankly, this doesn’t significantly enhance security as much of this data can be publicly found or
effortlessly obtained by technically proficient hackers.

Using Birthdays in Passwords

Using birthdays in passwords is also dangerous due to their predictability and ease of discovery. Your birthday
is personal information that can often be easily obtained or guessed by attackers. If an attacker has
knowledge of your birthdate or can gather it from social media or public records, they have a higher chance of
successfully cracking your password. Moreover, birthdays are often used as common elements in brute-force
attacks or dictionary-based hacking attempts. To ensure better password security, it is advisable to avoid
incorporating birthdays and instead create unique, complex passwords using a password generator that
combines letters, numbers, and symbols.

How to Improve Password Strength

Most people fall victim to cyber threats because they don’t use unique, secure, and hard-to-crack passwords.
And understandably so; without a password manager, it becomes an impossible task to remember hundreds
of unique and complex passwords for each login.

5 tips for improving password strength:

1. Don’t reuse passwords on any account.

2. Use a password that is longer than 8 characters.
3. Don’t include any words in your email address as part of your password.
4. Always include numbers, capital letters, and special characters in passwords. But many passwords start
with a capital letter and end with a number (often the current year). Don’t follow that pattern.
5. Don’t include common names, common cities, or common cultural references.
Bonus tip: All of the top password managers in 2024 include a password generator to create unique and
secure passwords for you.

To safeguard your passwords effectively and simply, use a password manager. We recommend affordable
premium options like 1Password, which not only generates but also auto-fills secure passwords, all the while
encrypting your data against theft.

Frequently Asked Questions

How many times has my password been hacked?
To determine how many times your password has been compromised, use a dark web scanner like the one
included in Norton’s security suite. These scanners search the dark web for leaked databases and breached
accounts, providing valuable insights into the security of your passwords. By inputting your email address into
the scanner, it cross-references it against known breaches and informs you if your password has been
compromised in any of those incidents (and sometimes how many times it’s been compromised). This
proactive approach allows you to assess the vulnerability of your passwords and take necessary actions such
as changing compromised passwords and adopting stronger security measures to protect your online
accounts.

Does changing my password stop hackers?

Changing your password can stop hackers, but it’s crucial to change your password to a strong and unique
password. Simply altering a weak or easily guessable password or creating another easily guessable
password won’t provide effective protection. By utilizing a secure password manager like 1Password,
however, you can generate complex passwords that are resistant to brute-force attacks. These password
managers also offer the convenience of securely storing and auto-filling your passwords across various
platforms.

Regularly changing passwords, coupled with strong password practices and multi-factor authentication,
significantly strengthens your defenses against hacking attempts and enhances your overall online security.

What is the least common password?

The least common password is one generated by a password manager like Dashlane, incorporating a mix of
numbers, letters, symbols, and special characters.

These password managers generate highly unique and random passwords that are rarely used by individuals.
By avoiding commonly used words or patterns, password managers create robust and secure passwords that
are difficult for hackers to guess or crack. These passwords typically consist of a long string of characters,
making them significantly more resilient against brute-force attacks or dictionary-based hacking attempts.
Embracing the strength of password managers helps ensure stronger and more secure online accounts.

Why are strong passwords important?

Strong passwords are important for several reasons. Firstly, they help prevent unauthorized access to your
accounts and protect your sensitive information. With a strong password, it becomes significantly harder for
hackers to crack or guess your password through brute-force attacks.

Secondly, strong passwords can mitigate the impact of data breaches. If your password is weak, it can be
easily compromised, putting your personal data at risk. By using a strong and unique password for each
account, you reduce the likelihood of multiple accounts being compromised.

Lastly, strong passwords are a crucial part of a comprehensive cybersecurity strategy, alongside measures
like two-factor authentication, to enhance overall online security.