Research reveals both netizens and corporate employees love the same passwords: 40% are identical.
This year, the most common password in Ireland is “123456”, and it ranks first worldwide.
NordPass has released the sixth edition of its annual Top 200 Most Common Passwords research, revealing the most common passwords worldwide and in 44 countries separately. This year, NordPass also checked how the passwords people use to secure work accounts differ from those they use for personal accounts.
Individual users’ passwords in 2024 — what changed in a year?
Below are the top 20 most common passwords in Ireland. The full list is available here.
1. 123456
2. password
3. qwerty123
4. liverpool
5. qwerty1
6. 123456789
7. qwerty
8. password1
9. 12345678
10. liverpool1
11. ireland
12. 12345
13. 1234567
14. abc123
15. Password1
16. Password
17. 1234567890
18. arsenal
19. football
20. champion
The sixth time’s definitely the charm, but not when investigating people’s personal passwords. NordPass, which partnered with NordStellar to run the study, concludes that this year’s list again includes the worst possible choices for passwords. However, some trends are radically new and worth exploring.
— Almost half of the world’s most common passwords this year are made of the easiest keyboard combinations of numbers and letters, for instance “qwerty,” “1q2w3e4r5t,” and “123456789.” Vietnam is no exception here, with such passwords leading the list.
— In South Africa, “123456” holds the top spot as the most popular password, aligning with a global trend where this simple sequence remains the go-to choice in many countries.
— With experts repeatedly urging internet users to make their passwords stronger, many seem to have misunderstood the assignment. The popularity of “qwerty” has been challenged by similarly weak “qwerty123,” which is now the most common password in Canada, Lithuania, the Netherlands, Finland, and Norway. In Ireland, this password also made a huge jump this year, reaching the top three.
— The word “password” can now be considered one of the most common and enduring passwords. Year after year, it ranks at the top of every country’s list. In Ireland, it is the second most-used password. For the British and Australians, it is the number one choice.
— Irish passwords reveal a strong connection to sports and national pride. Terms like “liverpool,” “arsenal,” “football,” and even “champion” appear prominently, showing the influence of beloved teams and a passion for the game. Additionally, “ireland” makes the list, adding a patriotic touch. This combination of sports references and national identity indicates that many Irish users lean toward familiar, meaningful words, even when it comes to digital security.
According to NordPass’ study, 78% of the world’s most common passwords can be cracked in less than a second. Compared to last year’s 70%, this shows that the situation has worsened.
Corporate passwords are just as bad
Digging deeper, in this year’s edition of NordPass’ annual Top 200 Passwords study, researchers additionally investigated how passwords used for personal and work accounts differ. The results are surprising: 40% of the most common passwords used among individuals and business representatives are the same.
Nevertheless, experts noted some interesting differences too. Default passwords such as “newmember,” “admin,” “newuser,” “welcome,” and similar are more commonly used for business accounts. Passwords presumably created for new users with an idea that they will change them, such as “newpass” or “temppass,” also often get leaked because people are not big fans of changing their passwords.
“No matter if I wear a suit and tie at work or I’m scrolling through social media in my pajamas, I am still the same person. This means that regardless of the setting I am in, my password choices are influenced by the same criteria — usually convenience, personal experiences, or cultural surroundings. Businesses ignoring these considerations and leaving password management in their employees’ hands risk both their company’s and clients’ security online,” says Karolis Arbaciauskas, head of business product at NordPass.
Hidden dangers
According to a survey previously conducted by NordPass, a single internet user has, on average, 168 passwords for personal use and 87 passwords for work use. Because managing this load is simply too complicated for most, experts say that it is only natural that people tend to create weak passwords and, of course, reuse them.
However, weak passwords created by company employees serve hackers, because brute-force, dictionary, or similar large-scale attacks can then give them easy access to the company’s internal IT systems. In another common scenario, hackers break into the company using an employee’s leaked personal credentials because the employee used the same passwords for both personal and work accounts.
How to properly manage your passwords for work and personal use
To avoid falling victim to cyberattacks because of irresponsible password management, Arbaciauskas recommends following a few simple but effective cybersecurity practices.
— Create strong passwords or passphrases. Passwords should be at least 20 characters long because the latest studies show that longer password length can do wonders. A secure password consists of a random combination of numbers, letters, and special characters. Alternatively, you can use a passphrase. Imagine it as a long string of random words — it shouldn’t be a line everyone knows.
— Never reuse passwords. The rule of thumb is that each account should have a unique password because if one account gets stolen, hackers can use the same credentials for other accounts.
— Switch to passkeys wherever possible. Passkeys are considered the most promising alternative to replace passwords for good. Most modern online service providers, including Google, Microsoft, and Apple, offer passkey support for their clients.
— Set up a password policy in your organization. Password managers allow companies to safeguard their credentials and effectively manage them, setting up password rules within the organization. Multi-factor authentication (MFA) requirements should also be considered when adopting a password policy.
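As an added illustration of the policy advice above (not NordPass code), the following sketch shows a server-side check that enforces the 20-character minimum and rejects the passwords quoted in this article, including variants that only change case or append digits and symbols. The function names, the reason labels, and the sample inputs in the tests are assumptions made for this example.

```python
from __future__ import annotations
import re

# Blocklist built from passwords quoted in the article (Ireland top 20 plus the
# default/temporary passwords named for business accounts), stored lowercase.
# Illustrative only: a real deployment would load a far larger breached list.
COMMON = {
    "123456", "password", "qwerty123", "liverpool", "qwerty1", "123456789",
    "qwerty", "password1", "12345678", "liverpool1", "ireland", "12345",
    "1234567", "abc123", "1234567890", "arsenal", "football", "champion",
    "1q2w3e4r5t", "newmember", "admin", "newuser", "welcome", "newpass",
    "temppass",
}
MIN_LENGTH = 20  # minimum length recommended in the article

# Keyboard rows and the digit row, used to spot "walks" such as qwerty or 123456.
SEQUENCES = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")


def is_keyboard_walk(candidate: str, min_run: int = 5) -> bool:
    """True if the whole string is one forward run along a keyboard row."""
    s = candidate.lower()
    return len(s) >= min_run and any(s in seq for seq in SEQUENCES)


def policy_violations(password: str) -> list[str]:
    """Return the reasons a password fails the policy (empty list = accepted)."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append("too_short")
    lowered = password.lower()
    # Strip trailing digits/symbols so "Liverpool2024!" maps to "liverpool".
    base = re.sub(r"[\d\W_]+$", "", lowered)
    if lowered in COMMON or (base and base in COMMON):
        reasons.append("common_password")
    if is_keyboard_walk(lowered) or (base and is_keyboard_walk(base)):
        reasons.append("keyboard_walk")
    return reasons
```

Padding a listed word to 20 or more characters still fails the check, which is why the length rule and the blocklist are evaluated independently.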