Forbes contributors publish independent expert analyses and insights.
Passwords can't live without them, oh, hold on, actually you can. Passkeys are way more secure, and increasingly, platforms, products, and services are making them available to users. That's the good news. The bad news is that, for hundreds of millions of users supposedly securing billions of accounts, weak and easily compromised passwords remain the reality. With lists of such compromised passwords readily available on the criminal underground and even the surface web, using one of the 200 most commonly used, and therefore most dangerous, passwords is tantamount to handing the keys of your account to hackers. If your passwords are on this list, they most certainly are getting in.
There is no shortage of compromised and leaked password lists floating around the web, dark or surface, if you care to go and look. And, believe me, threat actors know exactly where to find the most valuable of them, available in credential-stuffing, password spraying, format for a small fee. That, dear reader, is the sorry state of login security today. It's why the likes of Google are urging users to replace passwords with passkeys. If you can't, and you are stuck with using passwords, then, please, at least make them long, strong and secure. Use a password manager to create random password strings that are too complex for you to remember, because you won't have to remember them. Use passphrases; use anything other than the 200 dangerous passwords on this list.
Compiled jointly by NordPass and NordStellar, the 200 most used and dangerous passwords to use list emerged from an analysis of a 2.5TB database of passwords found on the dark and surface webs, across 44 countries in total, and stolen by malware or exposed in data leaks. "We focused only on the statistical information," the researchers said, "so no personal data from internet users was included in this research."
Let's tease the results out a little by starting with the 10 most dangerous passwords that were attributed to U.S. users:
Interestingly, this features nine of the ten most used passwords globally, but in a different order. The only unique password, as far as the U.S. is concerned, was the (not so) highly original password1. A rubbish password that featured at number 17 in the global list.
OK, so let's move on to the global list, of which I'll just focus on the first 50 -- please use the already provided link to access the full database of 200.
Needless to say, if any of your passwords appear here, or in the full list, then change them as a matter of some urgency, and while doing so, give your neck a wobble for using them in the first place. What were you thinking?