Reports

A study reveals the list of worst passwords of 2019

RokuRoku

Another year is ending and this is the right time to discover which are the worst passwords of 2019 by analyzing data leaked in various data breaches.

Independent anonymous researchers, compiled and shared with security firm NordPass a list of 200 most popular passwords that were leaked in data breaches during 2019. The company collected 500 million passwords in total and the results were disconcerting.

Over 2019, security experts reported several data breaches that affected billions of internet users, for example, the popular Collections #1-5 alone contained exposed 3 billion records. With data breaches becoming so commonplace, internet users need to step up their cybersecurity game.

The research conducted by NordPass revealed that bad habits continue to expose users to the risk of hack, users continue adopting weak passwords because they are easier to remember, and share them among multiple services online.

“The most popular passwords contain all the obvious and easy to guess number combinations (12345,111111,123321), popular female names (Nicole, Jessica, Hannah), and just strings of letters forming a horizontal or vertical line on a QWERTY keyboard (asdfghjkl, qazwsx, 1qaz2wsx, etc.). Surprisingly, the most obvious one — “password” — remains very popular; 830,846 people still use it.” reads the post published by NordPass.

Experts found that ‘12345’, ‘123456’ and ‘123456789’ are the most popular passwords, followed by ‘test1’ and, the ‘password’.

Other easy to predict common passwords are simple strings as ‘asdf’, ‘qwerty’, ‘iloveyou,’ along with simple numerical strings and common names. The data are quite identical to the ones reported in the studies on the worst passwords conducted by SplashData in the last years.

Below the Top25 list of the 200 most popular passwords shared by the experts:

RankPassword
112345
2123456
3123456789
4test1
5password
612345678
7zinch
8g_czechout
9asdf
10qwerty
111234567890
121234567
13Aa123456.
14iloveyou
151234
16abc123
17111111
18123123
19dubsmash
20test
21princess
22qwertyuiop
23sunshine
24BvtTest123
2511111

Below recommendations provided by the experts:

  1. Go over all the accounts you have and delete the ones you no longer use. You can use haveibeenpawned.com to check if your email was ever in a breach.
  2. Update all your passwords and use unique, string passwords to protect your accounts. Adopt a password generator.
  3. Use 2FA if you can.
  4. Set up a password manager.
  5. Be vigilant for suspicious activities and if you notice something unusual, change your password immediately.
[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – worst passwords, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Published by
Pierluigi Paganini
Tags: Hackinghacking newsinformation security newsPierluigi PaganiniSecurity AffairsSecurity NewsWorst passwords
5 years ago

Recent Posts

Two flaws in vBulletin forum software are under attack

Experts found two vulnerabilities in the vBulletin forum software, one of which is already being…

14 hours ago

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 47

Security Affairs Malware newsletter includes a collection of the best articles and research on malware…

16 hours ago

Security Affairs newsletter Round 526 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best…

19 hours ago

Two Linux flaws can lead to the disclosure of sensitive data

Qualys warns of two information disclosure flaws in apport and systemd-coredump, the core dump handlers in Ubuntu, Red Hat Enterprise…

2 days ago

Meta stopped covert operations from Iran, China, and Romania spreading propaganda

Meta stopped three covert operations from Iran, China, and Romania using fake accounts to spread…

2 days ago

US Treasury sanctioned the firm Funnull Technology as major cyber scam facilitator

The U.S. sanctioned Funnull Technology and Liu Lizhi for aiding romance scams that caused major…

3 days ago