The Most Common Passwords of 2022

May 26, 2023

Why are passwords important?

Passwords are the gatekeepers to our digital existence, granting access to various services such as streaming platforms, bank accounts, and social media messaging.

Frequently, sensitive information like credit card details and personal data is stored in these accounts, making them a prime target for cybercriminals.

Last June, it was revealed that a staggering 24 billion combinations of usernames and passwords were being circulated in online criminal markets. Cybercriminals employ various methods to obtain passwords:

Phishing: This is one of the oldest tricks in the book. Scammers will impersonate a trustworthy entity by contacting you via email, text, or phone. They will devise a plausible excuse for why you need to re-enter your login details or other personal information for a particular service, then steal it for themselves.

Brute force: Hackers use automated tools to conduct trial and error attacks in an attempt to crack access to accounts. They often start by entering common passwords to see if they can find a match.

Credentials theft: Hackers buy previously hacked passwords from the criminal underworld and use them to conduct bulk attacks across multiple sites and apps simultaneously.

Keyloggers/Info-stealers: Malware, sometimes distributed via phishing emails or mobile apps, can secretly harvest passwords as they are typed. This type of attack can go unnoticed by the user.

Shoulder surfing: This occurs when someone watches over your shoulder to nab valuable information, such as your password, ATM PIN, or credit card number, as you key it into an electronic device. When the snoop uses your information for financial gain, the activity becomes identity theft.

In 2021, counterfeit debit card transactions exceeded $32 billion, and this number is projected to rise to $38.5 billion by 2027.

Regrettably, a vast number of internet users are making it incredibly easy for cybercriminals to exploit their accounts. Shockingly, data from password leaks in various information security incidents reveal that “Password” is the most prevalent password used in 30 countries, with almost five million occurrences. “123456” and “123456789” are close contenders, securing second and third place respectively, with “guest” and “qwerty” completing the top five. It’s important to note that most of these passwords can be cracked in under a second, leaving users vulnerable to unauthorized access.

You can find the complete list of top 20 passwords for 2022 on NordPass’s website, but here’s a brief summary of the findings:

#    Password
1    password
2    123456
3    123456789
4    guest
5    qwerty
6    12345678
7    111111
8    12345
9    col12345
10   123123
11   1234567
12   1234
13   1234567890
14   000000
15   555555
16   666666
17   123321
18   654321
19   7777777
20   123

Reusing passwords, writing them down in an accessible location, or sharing them with others can make it incredibly simple for hackers and fraudsters to gain unauthorized access to our personal and professional information. Moreover, if we utilize the same password for both our work and personal accounts, we may inadvertently put our employer at risk of a cyber-attack. In the event of a data breach, this could result in severe repercussions, especially if corporate information is stolen by malicious actors.

Simple Steps to Improve Password Security

Thankfully, there are several measures we can take to enhance password security, and the advantages of doing so are immediate and significant for our digital well-being:

  1. Create complex and unique passwords or passphrases to make it more difficult for hackers to crack them.
  2. Avoid reusing passwords, as hackers can use compromised passwords to access other accounts and services.
  3. Never share passwords with anyone, as this could lead to misuse and compromise.
  4. Close any unused accounts, as they can pose a security risk if they are hacked without your knowledge.
  5. Use a password manager to store and generate strong passwords, and remember only one master password.
  6. Regularly check the strength of your passwords and update weak or old ones.
  7. Enable two-factor authentication (2FA) if possible, adding an extra layer of security with authentication factors such as a face scan, fingerprint, or one-time access code.
  8. Use reputable security solutions to safeguard against data thieves, malware, phishing attacks, and other threats.
  9. Do not click on suspicious links in unsolicited emails and text messages. If in doubt, contact the sender directly through a separate channel, instead of responding to the message.
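
A strength check of the kind step 6 describes, written as an added example that is not part of the original article: it flags passwords that match the top 20 list above even after capitalization, character substitutions, or trailing digits are applied, and it catches the keyboard runs and repeated patterns that dominate that list. The minimum length of 8, the `RUNS` table, and the `LEET` substitution map are assumptions made for this example.

```python
import re

# Top 20 list reported in the article above.
TOP_20 = {
    "password", "123456", "123456789", "guest", "qwerty", "12345678",
    "111111", "12345", "col12345", "123123", "1234567", "1234",
    "1234567890", "000000", "555555", "666666", "123321", "654321",
    "7777777", "123",
}
# Keyboard rows and character runs (assumed for this example, not exhaustive).
RUNS = ("01234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm",
        "abcdefghijklmnopqrstuvwxyz")
LEET = str.maketrans("@4$5013!7", "aassoieit")  # assumed substitution map
MIN_LENGTH = 8  # assumed policy value


def normalized_forms(password):
    """Return the variants that cheap guessing rules would also cover."""
    low = password.lower()
    stripped = re.sub(r"[\d\W_]+$", "", low)  # "password1!" -> "password"
    forms = {low, stripped, low.translate(LEET), stripped.translate(LEET)}
    forms.discard("")  # all-digit passwords strip down to nothing
    return forms


def is_run(text):
    """True if text is a forward or reversed slice of a keyboard/digit run."""
    return len(text) >= 3 and any(text in r or text[::-1] in r for r in RUNS)


def audit(password):
    """Return the list of reasons a password is weak (empty means none found)."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append("too short")
    forms = normalized_forms(password)
    if forms & TOP_20:
        reasons.append("common password")
    if any(is_run(form) for form in forms):
        reasons.append("sequential run")
    if re.fullmatch(r"(.+?)\1+", password.lower()):
        reasons.append("repeated pattern")
    return reasons
```

An empty result only means none of these specific patterns matched; it does not show that the password is unique or absent from leaked credential lists.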
