We need to start taking our passwords seriously, come on

Stop the presses: “password” is not a good password

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

A raft of recent research has once again revealed that many of us are still absolutely terrible when it comes to creating strong password.

This includes a new report frompassword managerNordpass, which examined a database that totals over 3TB of compromised passwords and spans users from 30 countries in order to reveal thetop 200 passwords, ranking entries by how many instances were found, how easy they were to crack, in addition to popularity by country and, where possible, gender.

Perhaps unsurprisingly, Nordpass found that “password” remains the top choice, with “12345” taking the second spot worldwide.

NordPass Family:$11.87$2.79/month at NordPassSave 60%Get a digital life manager with NordPass, a password manager from one of the world’s biggest security firms for up to six premium accounts and unlike some competitors, its price remains the same after a year.

Weak password trends

The rest of the list is largely comprised of other variants of letters and numbers not-so randomly stuck together, with “quertyuiop” (the top letter row of most English-language keyboards), sitting at rank 36 globally.

Direct comparisons of the Nordpass data show that no one gender is more security conscious than the other, they simply make bad choices differently.

For example, in a comparison of the top ten passwords in the UK, males largely choose the names of football teams (“liverpool”, “arsenal” and “chelsea” are ranked fifth, sixth, and eighth amongst them, respectively), while women picked names (“charlie”, ranked third), places (“london”, seventh), or other outlying nouns (“chocolate” and “monkey”, eighth and ninth).

A separatestudyby password management company Specops Software, analysing over 800 million compromised passwords, also reveals that the ongoing FIFA World Cup is impacting password choices, with users opting for the names of international teams, past and present players, and other relevant but common terms.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

For example, over 1.3 million instances of “USA” as a password were recorded, while “kane”, for England star Harry Kane, appeared over 133,000 times - and even simply “soccer” appeared over 140,000 times.

Looking at Specops’ data with Nordpass’ gender divide in mind, it may well be offering an insight into password choices made, chiefly, by male users.

Also covering Nordpass’ report,9to5Googlefound that people have even turned to using the name of their phone manufacturer for its password.

At present, “samsung” is the 78th most popular password in the world, and “googledummy” ranks 145th. spelling trouble for the enormous number of people who swear by the bestAndroid,SamsungandiPhonesout there.

Keeping all your data secure

If you can pick your password out of a dictionary, atlas, other reference book, or read it off a keyboard, it’s a bad one, as it’ll only take a matter of seconds, minutes, or hours for a threat actor to crack, giving them unfettered access to sensitive data.

Passwords should be unique to you, if not completely randomized by apassword generatorand stored in a reputable manager.

Consumers should also consider the cutting edge biometric authentication standardPasskeys, currently built intoAppledevices, and implemented for other platforms byGoogleand1Password. At time of writing, these alternatives are in open beta and set to arrive in 2023, respectively.

Check out our list of the best business password managers right now

Many businesses are still just using passwords to stay safe

These are officially the worst passwords we’re all still using

WhileTechRadar Proreaders may be less likely to make common mistakes when securing their business’ tech stack, it raises uncomfortable questions about consumer security habits, and how that might affect the passwords that employees choose for themselves when offered the choice.

Organizations should also considermulti-factor authenticationas part of aZero Trustsecurity strategy, eliminating passwords entirely while still ensuring security.

Luke Hughes holds the role of Staff Writer at TechRadar Pro, producing news, features and deals content across topics ranging from computing to cloud services, cybersecurity, data privacy and business software.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics