A study reveals the list of worst passwords of 2019

Another year is ending and this is the right time to discover which are the worst passwords of 2019 by analyzing data leaked in various data breaches.

Independent anonymous researchers, compiled and shared with security firm NordPass a list of 200 most popular passwords that were leaked in data breaches during 2019. The company collected 500 million passwords in total and the results were disconcerting.

Over 2019, security experts reported several data breaches that affected billions of internet users, for example, the popular Collections #1-5 alone contained exposed 3 billion records. With data breaches becoming so commonplace, internet users need to step up their cybersecurity game.

The research conducted by NordPass revealed that bad habits continue to expose users to the risk of hack, users continue adopting weak passwords because they are easier to remember, and share them among multiple services online.

“The most popular passwords contain all the obvious and easy to guess number combinations (12345,111111,123321), popular female names (Nicole, Jessica, Hannah), and just strings of letters forming a horizontal or vertical line on a QWERTY keyboard (asdfghjkl, qazwsx, 1qaz2wsx, etc.). Surprisingly, the most obvious one — “password” — remains very popular; 830,846 people still use it.” reads the post published by NordPass.

Experts found that ‘12345’, ‘123456’ and ‘123456789’ are the most popular passwords, followed by ‘test1’ and, the ‘password’.

Other easy to predict common passwords are simple strings as ‘asdf’, ‘qwerty’, ‘iloveyou,’ along with simple numerical strings and common names. The data are quite identical to the ones reported in the studies on the worst passwords conducted by SplashData in the last years.

Below the Top25 list of the 200 most popular passwords shared by the experts:

Rank	Password
1	12345
2	123456
3	123456789
4	test1
5	password
6	12345678
7	zinch
8	g_czechout
9	asdf
10	qwerty
11	1234567890
12	1234567
13	Aa123456.
14	iloveyou
15	1234
16	abc123
17	111111
18	123123
19	dubsmash
20	test
21	princess
22	qwertyuiop
23	sunshine
24	BvtTest123
25	11111

Below recommendations provided by the experts:

Go over all the accounts you have and delete the ones you no longer use. You can use haveibeenpawned.com to check if your email was ever in a breach.
Update all your passwords and use unique, string passwords to protect your accounts. Adopt a password generator.
Use 2FA if you can.
Set up a password manager.
Be vigilant for suspicious activities and if you notice something unusual, change your password immediately.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – worst passwords, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.