The worst passwords 2022 are here — most can be cracked within a second

Despite growing cybersecurity threats, the one defense that is within easy reach also seems to be the one that gets ignored the most.


The annual list of ‘worst passwords’ is out. Cybersecurity company NordPass has announced the ‘Most common passwords’ of 2022 list.


NordPass worked with independent cybersecurity specialists and evaluated a 3-terabyte database of cybersecurity incident research across 30 countries this year.


The study noted a recurring pattern that has persisted over the years — people tend to use numbers in sequence and base their passwords on themes like current events, fashion brands, and sports.


“Here are the top 200 most common passwords in 2022. We learned that despite growing cybersecurity awareness, old habits die hard. The research shows that people still use weak passwords to protect their accounts. This year, we looked at how culture impacts passwords. Explore the list now,” NordPass said in a statement.


This year “password” was used nearly five million times in their sample, eclipsing all other weak passwords by a significant margin.


Though password choices have not changed much from year to year, NordPass’s 2021 sample was slightly different. Then, the password “123456” topped global rankings, and “password” was second, but number sequences were just as popular as they are now.


As such, the majority of the 200 other passwords in this year’s study mainly comprise number sequences starting with “123,” or variations like a string of zeros, ones, or other numbers. Other weak examples included “iloveyou,” “football,” and “samsung.”




Most of the passwords in the top 200 list could be cracked — or hacked — in less than one second. Some, like “guest” and “col123456,” take around 10 seconds, while others, like “Groupd2013”, can take up to 3 hours.


However, longer passwords such as “9136668099” take 4 days to crack, the study showed. This proves that passwords that are ten characters or longer — but not in a typical sequence — are immeasurably safer.
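The patterns the study describes (digit sequences, repeated characters, theme words, short length) can be screened for when a password is set. The sketch below is an added example, not code from NordPass or the study; the denylist is constructed from the passwords quoted in this article, and `MIN_LENGTH`, `MAX_RUN` and the function names are assumptions.

```python
import re

# Constructed denylist: only the weak passwords quoted in the article.
# A real deployment would load the full published list or a breach corpus.
DENYLIST = {"password", "123456", "iloveyou", "football", "samsung",
            "guest", "tinder", "oscars", "batman"}
MIN_LENGTH = 10  # assumption, from the article's ten-character remark
MAX_RUN = 3      # assumption: longest tolerated sequence or repeat


def longest_run(pw: str) -> int:
    """Longest run of ascending, descending or repeated characters."""
    best = run = 1
    prev_step = None
    for a, b in zip(pw, pw[1:]):
        step = ord(b) - ord(a)
        if step not in (-1, 0, 1):
            run, prev_step = 1, None
            continue
        run = run + 1 if step == prev_step else 2
        prev_step = step
        best = max(best, run)
    return best


def screen_password(pw: str) -> list[str]:
    """Return the reasons a candidate password is rejected ([] = accepted)."""
    reasons = []
    lowered = pw.lower()
    # Strip leading/trailing digits and symbols so "Batman2022!" still
    # matches the denylisted theme word "batman".
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    if lowered in DENYLIST or core in DENYLIST:
        reasons.append("denylisted")
    if len(pw) < MIN_LENGTH:
        reasons.append("too_short")
    if longest_run(lowered) > MAX_RUN:
        reasons.append("sequence_or_repeat")
    return reasons


if __name__ == "__main__":
    for candidate in ["password", "123456", "col123456", "Batman2022!"]:
        print(candidate, screen_password(candidate))
```

“Groupd2013” from the list passes these pattern rules, which is why the denylist has to come from the full published list or a breach corpus rather than from a handful of examples.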




Users tend to get inspired by current events when creating their passwords. “There’s more than one way to get swindled on Tinder,” NordPass said, referencing the use of the dating app as a password 36,384 times in the study. “Using ‘tinder’ as your password is riskier than swiping right on a billionaire.”


Users were also inspired by events like the Oscars, resulting in the password “Oscars” being used 62,983 times. Popular films and shows such as Encanto, Euphoria, and Batman, which were released between 2021 and 2022, are still popular password choices, NordPass said. For instance, the password “batman” was used 2,562,772 times.


“While the worst passwords may change every year, human beings are creatures of habit. Every year, researchers notice the same pattern — sports teams, movie characters, and food items dominate every password list,” the study said.




Using easily guessable credentials is one thing, but reusing them across multiple accounts can unfold into large-scale hacking campaigns and personal compromise. A recent study by password manager Dashlane said over 50 percent of passwords are reused globally.


For instance, hackers can breach millions of accounts by “stuffing” websites with stolen, weak credentials via automated programs, a technique known as a credential stuffing attack. Credential lists often end up for sale on the dark web, where anyone can easily purchase them for cryptocurrency.


In one such case in September, hackers were able to breach Microsoft Exchange servers — used by millions of enterprises worldwide primarily for email — and deploy malicious applications onto these servers to target users with phishing emails which can lead to financial theft or identity fraud.


Another example — among the biggest cybersecurity incidents to make the news this year — was this month’s Australian Medibank hack, which the company’s CEO said may have been caused by a stolen password.


Password security is vital. To make malicious actors’ lives more difficult, use password managers, which can store all of your passwords in a secure locker as well as create complex and secure passwords for your accounts.


Source: NordPass
