Back to Blog Main

You Won’t Believe The Top 10 Worst Passwords Still In Use

Passwords are your first line of defense against unauthorized access to your personal information.
  • Anti-Tank
  • Artillery
  • Atmospheric Aviation

During 2020, a staggering 36 billion records were exposed by data breaches. Yet, millions of people continue to use “123456” as their password.

Researchers at NordPass, a password manager, have ranked the most used and least secure passwords. Armed with a database of some 275 million passwords leaked due to data breaches, NordPass researchers have arranged passwords by how many times it has been exposed, used, and how much time it would take to crack it. If any of the passwords below look familiar, update your account login details immediately.

Let’s take a look at the worst passwords that people are still using today:

10. Senha
9. 1234567890
8. 12345
7. 123123
6. 111111
5. 12345678
4. password
3. picture1
2. 123456789
1. 123456

As if 2020 didn’t bring enough disappointment, our password choices left a lot to be desired. You can find the complete list of the worst passwords at 

Your passwords protect sensitive data, so creating a strong and unique password is a significant priority. Here’s how to create a strong password that you can remember:

  • Create a base password of at least six characters. 
  • Then add some characters from the related website to create your password. 
  • For example, if the base password is “XP2#z%” and your account is at, your password for that account would become “XP2#z%Ac” adding the first two characters of the website to the end. 

For even more password protection tips, keep reading.

  • Keep passwords to yourself, and never share them.
  • Include letters, numbers, and special characters.
  • Use two-factor (2FA) or multi-factor authentication (MFA) when available, as they provide additional layers of security when logging in.
  • Be aware of others watching when you type a password.
  • Always log out, and close the browser window when done.
  • Check password strength if a website offers a strength analyzer when creating an account.
  • Avoid using passwords with unsecured Wi-Fi as they can be intercepted and stolen.

Apply these rules to all of your current and future accounts, and you will have a strong, unique, and easy to remember password for every one of them.