The most hacked passwords in the world (an extensive report)

Douglas Mabiria  - Former Tech Reporter
Last updated: June 5, 2024
Read time: 14 minutes Disclosure
Share

We analyzed more than 20 million passwords and looked at the data from authentic surveys to compile this extensive list of the most hacked passwords.

THE TAKEAWAYS

From a database of over 20 million passwords, PrivacySavvy discovered numerous passwords repeating multiple times, showing how unrelated users unknowingly use the same, simple, and easy-to-crack passwords for their accounts, making it easy for hackers to target users worldwide.

Sometimes, it takes lots of money, time, coding skill, and technological infrastructure to hack an account or get a password. But, seldom, a good guess does the magic.

Today, millions of people fall prey to hacking by exposing their passwords, and others just create passwords that are too easy to guess. That’s why we decided to compile an exhaustive list of the most hacked passwords in the world so that you can watch out.

This post not only features the data from authentic organizations’ surveys, but our team of cybersecurity experts also analyzed over 20 million passwords that we collected from various worldwide databases. We organized the results in different lists (to make it better understandable for our readers), such as country-specific, on names, sports, musicians, and students.

Before you start, please note this post is not supposed to sensitize you about how to hack other people’s passwords. Instead, it’s about encouraging you to only use stronger and unique passwords.

Note: While on top of the organizations’ surveys’ data, we gathered data from leaks found on marketplaces, dark web sites, and hacking forums, but we only analyzed the data itself. Meaning no personally identifiable information such as banking details or usernames were compromised while preparing this report.

The 20 most used passwords in the world

Ironically, the most hackable passwords also happen to be the most popular. And to crack them, a hacker does not even need to use any infrastructure or skill as long as he can make a good guess.

This list will show you that people need to do better when it comes to creating their passwords. But, it’s not in any way intended to put you to shame but rather to educate you on passwords that you may want to strengthen.

You may also realize that the more complicated your password is, the harder it is to hack it. Yes, having a memorable password would help, but creating a complex one would be your top priority at this age.

You don’t want anyone to guess your password correctly. For this reason, it’s believed that using your favorite football team as your password is lazy. Seriously.

Names of celebrities or anything associated with you can easily be guessed, and you don’t want to give that power to malicious people.

According to the United Kingdom’s National Cyber Security Centre (NCSC), the worst passwords you can use are easy to crack. The report analyzed more than 23.2 million passwords, and they find some weird details. For instance, more than 100,000 hacked passwords are those that are recurring and popular among people.

In the worst passwords list, you might find it horrifying that many people even use qwerty or 123456, which is quite funny. Others use their own name or the same email username, which gives hackers an upper hand.

Here’s a list of the world’s most hackable passwords:

  • 123456 (23.2 million users)
  • 123456789 (7.7 million users)
  • qwerty (3.8 million users)
  • password (3.6 million users)
  • 1111111 (3.1 million users)
  • 12345678 (2.9 million users)
  • abc123 (2.8 million users)
  • 1234567 (2.5 million users)
  • password1 (2.4 million users)
  • 12345 (2.3 million users)
  • 1234567890 (2.2 million users)
  • 123123 (2.2  million users)
  • 000000 (1.9 million users)
  • Iloveyou (1.6 million users)
  • 1234 (1.3 million users)
  • 1q2w3e4r5t (1.2 million users)
  • Qwertyuiop (1.1 million users)
  • 123 (1.02 million users)
  • Monkey (980, 209 users)
  • Dragon (968,625 users)

Looking at the number of people using the above-listed ridiculously unimaginative internet’s most vulnerable passwords, we can only say, “It is just lazy.”

Top 5 names used as passwords

  • Ashley (432,276 users)
  • michael (425,291 users)
  • Daniel (368,227 users)
  • Jessica (324,125 users)
  • Charlie (308,939 users)
  • princess
  • sunshine

Top 5 football teams’ passwords

  • Liverpool (280,723 users)
  • Chelsea (216,677 users)
  • arsenal (179,095 users)
  • manutd (59,440 users)
  • Everton (46,619 users)

Top 5 musicians’ names as passwords

  • blink182 (285,706 users)
  • 50cent (191,153 users)
  • Eminem (167,983 users)
  • Metallica (140,841 users)
  • slipknot (140,833 users)
  • Top five fictional characters
  • superman (333,139 users)
  • naruto (242,749 users)
  • tigger (237,290 users)
  • pokemon (226,947 users)
  • batman (203,116 users)

Most common passwords in Germany

Germans show a massive preference for numeric passwords that start with 123. In fact, these numerical passwords form half of the top 20 most used passwords in Deutschland.

  • 123456789
  • 12345678
  • 12345
  • 1234
  • 123
  • 1234567
  • 1234567890
  • 1q2w3e4r
  • sommer
  • schalke04
  • hallo123
  • hallo
  • passwort
  • lol123
  • qwertz
  • ficken
  • arschloch
  • killer
  • dennis

Looking at the Germany’s data we found that users from the country use some of the most insecure passwords.

Most commonly used passwords in France

The French version of qwerty is azerty, and it’s the topmost used password in the country. Then, Francais phrases such as bonjour, jetaime, maraseille, chocolat,discouragingthat, and soleil come in to share the fame.

Lately, there’s been increased attention towards numerical patterns such as passwords. However, they only form about three numerical passwords among the top twenty.

A good explanation is that French keyboards need you to press Shift+number to get the number you want, discouraging many users from using numerical patterns in their passwords.

  • azerty
  • loulou
  • doudou
  • badoo
  • soleil
  • 123456789
  • nicolas
  • motdepasse
  • chocolat
  • camille
  • marseille
  • 123456
  • 010203
  • azertyuiop
  • chouchou
  • bonjour
  • jetaime
  • alexandre
  • coucou
  • caramel

Russia is quite a different country. When they are not using their “vernacular” characters, they concentrate on numerical patterns on the keyboard.

And, as a fun fact, Russian users are the least likely in the world to use any meaningful phrases as passwords.

  • qwerty
  • qwe123
  • 111111
  • cheque
  • 1q2w3e4r
  • 1234567890
  • 7777777
  • 1q2w3e
  • 1q2w3e4r5t
  • 123123
  • 123456
  • qwertyuiop
  • 123456789
  • klaster
  • 1qaz2wsx
  • qazwsx
  • 1234567
  • 123321
  • 123qwe
  • zxcvbnm

Italy’s easy passwords list

Italians love their football clubs to the extent they use their names as passwords. Then, their romantic names also feature significantly in the list of the most popular passwords in Italy:

  • 123456
  • juventus
  • 12345678
  • francesca
  • giuseppe
  • francesco
  • qwertyuiop
  • stellina
  • federica
  • lorenzo
  • 123456789
  • password
  • ciaociao
  • alessandro
  • martina
  • valentina
  • antonio
  • federico
  • giovanni
  • asdasd

Most common passwords in the USA

Americans are more diverse than others regarding passwords; they use common words, sports, and numeric and keyboard patterns.

A quarter of the top USA passwords contain an exact match of “qwerty” and its variations.

Below you go with the most common passwords in the USA:

  • password
  • 123456789
  • 1234567
  • 12345
  • 1234
  • qwertyuiop
  • 1qaz2wsx
  • iloveyou
  • qwerty
  • letmein
  • 123456
  • 12345678
  • password1
  • 1234567890
  • qwerty123
  • 1q2w3e4r
  • superman
  • qwerty1
  • 123456a
  • football

Spanish people seem to love their La Liga teams and numbers. In fact, more than 70% of passwords used in Spain have numerical patterns. Then, two of the five top phrases are popular football clubs.

  • 123456789
  • 12345678
  • 1234567890
  • 1234567
  • 123456a
  • 654321
  • 123123
  • 555555
  • alejandro
  • a123456
  • 123456
  • 12345   
  • 111111
  • 000000
  • barcelona
  • 666666
  • 159159
  • realmadrid
  • mierda
  • tequiero

University and college students normally don’t pay attention to their .edu email. In fact, they just assume it’s only essential for studies. So, they have some of the most insecure passwords. For instance, three out of the top 5 passwords constitute easy guesses, such as patterns, first names, and sporting activities.

And, given the technological expertise that university students are expected to have, it’s fair to say that they don’t regard emails and online learning with enough reverence.

Here are the most common .edu passwords:

  • 123456
  • 123456789
  • 12345
  • football
  • 123123
  • soccer
  • 1234
  • sunshine
  • monkey
  • princess
  • 1234567
  • password
  • secret
  • password1
  • baseball
  • abc123
  • qwerty
  • basketball
  • ashley
  • 12345678

Top 50 most common Wifi passwords

When people are creating Wi-Fi credentials, they tend not to pay attention to a “hideous” strong password.

Instead, they just play around with the keyword for a pattern. The majority of these passwords are letters and numerical patterns. Other people just write variations of their names as passwords.

Some passwords aren’t so easy to guess. However, there are several noobs who just like to keep them easy for memory. Here are popular wifi passwords worldwide:

  • 12345678
  • 1234abcd
  • password
  • password.
  • 123456789.
  • 111111111
  • 1234567890
  • Passwords.
  • 12341234
  • 1234512345
  • 0000000000
  • letmein
  • 77777777
  • 66666666
  • 99999999
  • loversloveme
  • hatershateme
  • 123456789
  • abcd1234
  • Password
  • abcdefgh
  • 12345678.
  • 11111111
  • 1111111111
  • Passwords
  • iloveyou
  • 123123123
  • 00000000
  • logmein
  • password1
  • 88888888
  • 55555555
  • hatersloveme
  • PASSWORD
  • ###123###
  • inksys
  • belkin54g
  • Apple Network 0273df
  • admin   
  • password
  • NETGEAR
  • MiniAP
  • public
  • user
  • (blank)/(none)

10 most common Facebook passwords

As a social platform, Facebook attracts passwords that are similar to its purpose.

Many users typically create passwords about things that they hold close in their lives. For instance, it could be a pet name, birthday, candy, car, ice cream, or relative.

Here are some of the most popular Facebook passwords people have around the world.

  • Dragon
  • Princess
  • Sunshine
  • Password
  • 654321
  • Monkey
  • Donald
  • Nothing
  • Welcome
  • 999999

Why not use the most commonly hacked passwords

Companies’ data getting breaches are common in this age. If you don’t take enough questions, you might be a victim. Creating strong passwords will help protect your privacy.

Some of the most vulnerable targets of hacking and passwords theft include Facebook, Netflix, and even British Airways. Some companies aren’t doing enough to protect their customers’ data, but; we also have to take the blame for creating passwords that are easy to guess.

If you find your password on this list, it goes without saying that you must change it immediately. You might need a few guidelines to develop strong passwords; those tips are provided at the end of this guide.

Quick facts about the most hacked passwords in the world

Most hacked passwords

As noted in the beginning, we collected over 20 million passwords from different databases and sources–and analyzed them. Here is the recap of the shocking details we found:

  • The most hacked password in the United States of America is the password.
  • Germany’s most popular password is 123456.
  • The most hacked Russian password is qwerty.
  • Most internet users create passwords from keyboard patterns. In fact, 25% of the most common passwords are simply keyboard patterns such as qwerty, 1q2w304r, and zaq12wsx.
  • More than 60% of passwords are from repetitive numeric patterns—for example, 123456 and 111111 or 741852963.
  • Germany and Spain lead to the use of numeric patterns as passwords.
  • Russians use keyboard patterns more than any other country in the world.
  • Greetings are popular words in every country. In fact, they only translate the word hello in their language and use it as a password.
  • The word password and its variations from the most popular credentials.
  • Countries with large numbers of football fans use major teams as their passwords. In England, for example, Liverpool has the highest number of club name passwords. In Italy, Milan and Juventus lead the pack. And in Spain, Real Madrid, Barcelona, and Athletico are used as passwords heavily.
  • 4.2% of passwords are a replica of the name used in the email. Italians are 4.13%, Russians 3.79%, and Germans 2.5%.
  • Then, about 0.03% of worldwide populations use their first name and numbers as passwords. Even though adding numeric patterns to your password sounds like a great thing, it becomes easy to guess if you’re still using your name.
  • Over 1% of the people used passwords from religious leaders in the year culture. For instance, Christ and Jesus head more than 7000 mentions in the password.
  • Others concentrate on famous brands such as Apple, Samsung, Google, and LG.
  • More than 4000 of the passwords we analyzed had friends as the password.  Another 2300 used Star Wars. Other TV shows took a huge chunk of the passwords.
  • Cristiano Ronaldo, CR7, and other popular sports personality variations also appeared conspicuously, with more than 1250 mentions.
  • Italian and American populations are more likely to use first names or words, their birth years or emails as passwords. In fact, 4% of users in the world follow this trend.
  • The phrase ‘I love you‘ is widely used as a password by populations worldwide after it gets translated into local languages.
  • Numerical patterns and numbers are popular when people are signing up for a mobile phone website or a contact management application on their phone.

Most common phone patterns

Some people prefer to use or draw patterns on their phones to unlock. With the Iris recognition, the patterns are losing their place, but many people still prefer it.

Pattern locks get unlocked after a user draws an easy pattern that he can remember. 77% of people start drawing their patterns from the corner. 44% of people start drawing the patterns from the top-left nodes of their screen. In most cases, people only touch five nodes.

Another characteristic of most parts is that they move from left to right and top to bottom.

A study by the Norwegian University of Science and Technology shows that the probability of touching any of the nodes is as follows:

Number of nodesNode combination
41624
57152
626016
772912
8140704
9389112

Most people are looking for patterns they can remember. So, the shapes tend to be informal drawings of a popular symbol used. For instance, people tend to draw the cross or letters X, M, N, or Z and other letter patterns.

To secure Android or any other mobile device, whenever you are creating a pattern to unlock your phone, make sure to remember these three important things:

  • First, when you draw a pattern, those near you will likely see what you’re doing and copy it.
  • Two, smart people just need to tilt their phones. Then, your screen will show the path your fingers followed when drawing the pattern.
  • Three, people are looking for a simple pattern that they have seen with other users.

Research shows that men are likelier to have complicated Android phone lock patterns than women. Meaning it is more challenging to unlock a man’s phone than a woman’s.

We recommend not relying on patterns to protect your phones as they are more predictable than many users think. As per a study conducted by Lancaster University, it only takes five attempts to crack an Android device’s pattern.

Most common password mistakes you could be making

You’ve already seen that just because you have a password doesn’t mean your device is safe. Your data needs to be protected, and that’s why we are noting inevitable mistakes you could be making:

Using the same password on all platforms

Reusing passwords is a common password security mistake today; people are continually making it.

When you use the same password for Facebook, Twitter, and Instagram, it only means that if somebody hacks your Facebook account, they will have all the others as well. This is a recipe for disaster that needs to be stopped.


Using a password that’s similar to your username

Creating a unique password helps avoid situations where it can be easily guessed. If your password is the same as your username, it will more likely give hackers an upper hand.


You’re sharing your password

Humans are very vulnerable to trusting others too easily. And, sometimes, we give our passwords willingly to people who we think we trust. Ironically, studies show that Americans share passwords with their wives and other close family members.

But we have to agree that the very fundamental reason we have a password in the first place is that we want to stay safe. It is supposed to be personal, and you shouldn’t share it with anyone else. The more people that know your password, the easier it is to leak.


Using others’ devices to log into your account

On top of using our friends’ and families’ devices, some people like to use cybercafes to create or log into their accounts.

But, we have to admit that there are many problems with that because, in the end, you are giving away your data to someone else. Others can even tweak their devices to store the passwords, and they might eventually reveal your secrets.

Some of these devices can also have a keylogger to ensure everything you type gets stored.


Using public WiFi

Public networks are unsafe, especially when using high-level secrecy passwords. If you want your password to be safe, you must avoid public devices or WiFi.

Once you do anything online using public networks without any protection, it will be seen by the ISP provider. If the provider is malicious, they might draw patterns or profile you to try and find out your password.


Short password

The shorter your password, the higher the probability of guessing it right.

For instance, if your password consists of only four numbers, the probability of guessing is 9999. And when yours has got eight numbers, then the difficulty of getting it increases to 1 out of 99999999.

A positive note: Most of the passwords that we analyzed in this report would not be allowed to be used by top websites today as they have password strength checks in place.


Using your favorite phrases

Social engineers can listen to what you say or look at your interests and then make a good guess about what your password could be.

These individuals are intelligent enough to draw patterns depending on words and phrases they like to repeat and the names of their girlfriends, pet, or favorite movie. If any of these form your password, then you’ve already given it away.


How to create a password that’s hard to crack

You might think your password is strong, only to find that many others also use it.

If you want to stay safe online, you must create a unique password for every service you create your account on. Using special characters in your password will make it difficult to guess.

The good thing is that most platforms encourage you to create a password with numbers, letters, and punctuation characters that people cannot guess easily.

And, because some of the accounts have sensitive details, you need to use different passwords for different platforms so that if someone hacks one of them, they don’t get access to any other account.

It is highly recommended that you do not reuse your credentials or passwords. If you want to create strong passwords, you can just create one line of a song you like. And in case you are not good at remembering stuff, you can rely upon a password manager or application that will store your credentials. Below you go with some tips on password security:

  • Never log into your sensitive accounts using someone else’s device, such as a bank. Some phones and computers are set up to record your password. That exposes your credentials and compromises your accounts.
  • Combine alphabets, numbers, punctuation matters, spaces, and special characters in your password.
  • Write your password in a language not spoken by many people. For example, you could write “#GwithirimukwoNiHeho7!” an African version of “It’s so cold I’m shivering.” The goal is to ensure your password is as unique as possible.
  • After you have created a password, run it against databases to check whether it’s common. If you find it with others, it can also be guessed easily, and you must change it.
  • Don’t reuse passwords. Your Netflix password should be different from that of your Facebook. Having the same password across all accounts gives malicious hackers the upper hand in compromising all your online activities.
  • Your password should never be anything close to your username or email.
  • Never share passwords with anyone. A recent Kill the Cable Bill survey shows that nearly half of Netflix users share their passwords with friends and relatives. The people you share your passwords with can draw trails to try signing in to your other accounts using variations of your password.
Share this article

About the Author

Douglas Mabiria

Douglas Mabiria

Former Tech Reporter
26 Posts

Douglas is a freelance writer with over six years of experience in article and blog writing who has written in almost every industry with cybersecurity being his primary interest. Mabiria is an advocate for internet privacy, sustainable development, and a green environment. He is very social and enjoys trying new sports as well as implementing new ideas.

More from Douglas Mabiria

Comments

No comments.