Top 200 Most Common Passwords

Research breakdown

Methodology

The list of passwords was compiled in partnership with independent researchers specializing in researching cybersecurity incidents. They evaluated a 4.3TB database extracted from various publicly available sources, including those on the dark web. No personal data was acquired or purchased by NordPass to conduct this study.

Up to 35 countries

Researchers classified the data into various verticals, which allowed them to perform a statistical analysis based on countries. NordPass exclusively received only statistical information from the researchers, which gives no reference to internet users’ personal data.

Eight types of platform categories

NordPass, in partnership with third-party researchers, analyzed passwords from a 6.6TB database. These passwords were stolen by various stealer malware, such as Redline, Vidar, Taurus, Raccoon, Azorult, and Cryptbot. Malware logs include not only passwords, but also the source website. Researchers categorized the most popular passwords per platform type and shared statistically aggregated findings with NordPass.

Findings

Top passwords: A category comparison

People exhibit a variety of password habits depending on the platform category at hand. Explore how password creation and management habits diverge across various digital platforms.

Interesting findings

The password problem

86%

of all web app attacks use stolen credentials

Source: Verizon

18%

of the most common items for sale on the dark web are online accounts, emails, and passwords.

Source: NordVPN.com

24B

Credentials have been breached since 2016

Source: Reliaquest.com

100

is the number of passwords that an average user has.

Source: NordPass

Is it time to wave passwords goodbye?

Passkeys are here to stay

Passkeys, based on FIDO standards, are the modern solution to the password problem. At NordPass, we're one of the early adopters of passkey technology, allowing our users to enjoy a secure and smooth online experience.

Passkeys are the future

NordPass’ research is yet another example of how passwords are long past their expiration date – users continue to depend on incredibly weak passwords. Credential managers, such as NordPass, are an effective way for users to improve their password hygiene and will also play a critical role in helping consumers and businesses manage the transition towards passkeys, a true password replacement featuring robust security and usability.

- Andrew Shikiar

Executive director & CMO of FIDO Alliance

Fundamentals of password safety

Use complex passwords

Your password should be at least 20 characters long and include a mix of uppercase and lowercase letters, numbers, and special symbols. Avoid using easily guessable information like birthdays, names, or common words.

Never reuse passwords

Never use the same password across multiple sites or services. If one account gets compromised, all your accounts could be at risk.

Check your passwords

Take the time to regularly assess your password health. Identify weak, old, or reused passwords and improve with new and complex ones for a safer online experience.

Use a password manager

Generate and store complex and unique passwords for each of your accounts with the help of NordPass. These tools can generate, retrieve, and store complex passwords for you.

Get in touch

If you are interested in receiving additional information regarding the most common passwords list or want to request an interview, please contact us at [email protected] and we will get back to you shortly.

This information will be used by NordPass to respond to your inquiry as provided in our Privacy Policy, Privacy Policy (Business).