The worst password in the world is “123456,” followed by “123456789” and “12345678.”

All three passwords can be cracked by thieves in less than a second, according to the latest analysis from the password management company NordPass, which reviewed passwords stolen by malware or exposed in data leaks in 44 countries. 

What You Need To Know

  • The worst password in the world is “123456,” followed by “123456789” and “12345678," and all three passwords can be cracked by thieves in less than a second, according to the latest analysis from the password management company NordPass, which reviewed passwords stolen by malware or exposed in data leaks in 44 countries

  • Other popular and easy-to-crack passwords include "password," “secret,” “qwerty” and “111111” 

  • NordPass says the best ways to improve a password’s safety is to make it at least 20 characters long and to include a mix of uppercase and lowercase letters, numbers and special symbols

For five out of the past six years, “123456” has claimed the top spot on the NordPass list. “Password” ranked first once. For 2024, “password” ranked fourth among personal passwords and fifth among corporate passwords.

“It just goes to show that, at the end of the day, people are people — no matter where they are or what they’re up to, they share the same poor password habits" by relying on the same weak passwords for both their personal and work lives, NordPass said in a statement accompanying the analysis.

Other popular and easy-to-crack passwords include “secret,” “qwerty” and “111111,” all of which also take less than a second to break into.

NordPass says the best ways to improve a password’s safety is to make it at least 20 characters long and to include a mix of uppercase and lowercase letters, numbers and special symbols. The company recommends against using personal information such as birthdays, names and common words.

Reusing passwords for multiple sites and services also runs the risk of several accounts being compromised if the password is hacked.