50 Most Common Passwords of 2024—Are Yours on the List?

Updated: Jun. 18, 2024

If you use one of the most common passwords, you're an easy target for hackers. Here's how to stay safe.

Stop me if this sounds familiar: You’re setting up (yet another) online account when you’re prompted to enter a password. Sigh. It’s just easier to go with one of your most common passwords, am I right? Maybe you’ll include the word password in there—no chance of forgetting that!—and 123 if numbers are required. Or perhaps you go with your kid’s or pet’s name and an easy-to-remember date, like a birthday or anniversary. Done and done.

Not so fast! “If a password is frequently reused or easy to guess, bad actors can more easily gain access to email, banking and social media accounts, resulting in identity theft and financial loss,” says Gary Orenstein of Bitwarden, a popular password manager. “Recent examples, like the Microsoft and 23andMe breaches, illustrate the consequences of weak password use, with attackers employing password-spraying and credential-stuffing attacks using easily guessed or reused credentials respectively.”

We’ll come back to those scary-sounding attacks in a bit. For now, here’s the most important takeaway: Weak passwords will cost you, sometimes literally. That’s why I’m diving in to the data on the most common passwords. Ahead, three cybersecurity and data-privacy experts help me explain how hackers get your passwords and offer tech tips for keeping yours out of the hands of bad actors.

Get Reader’s Digest’s Read Up newsletter for more tech, travel, cleaning, humor and fun facts all week long.

About the experts

  • Iskander Sanchez-Rola is the director of privacy innovation at Gen, the cybersafety network behind brands such as Norton and LifeLock. He is a highly awarded professional specializing in innovative cybersecurity strategies.
  • Gary Orenstein is the chief customer officer at Bitwarden, the company behind one of the top password managers. He appears frequently in the news as an expert on topics related to cybersecurity, including password management, passwordless technology, identity protection and social-engineering attacks.
  • Gediminas Brencius is the head of product at NordPass, part of the Nord Security family of solutions, which creates password managers for consumers and businesses. He has a decade of product-management experience and has specialized in cybersecurity products for the past six years.

Why do strong passwords matter?

Easy-to-remember passwords are convenient, but their potential downsides can be devastating. A weak and predictable password is easy to crack. Hackers may use software that guesses the most common passwords, and other freely available tools on the dark web (a hidden part of the internet notorious for criminal activity) may comb through your social media profiles to look for important names and dates that are likely to appear in your password.

Even if your password is long and strong, reusing the same one is a bad idea. If a company experiences a data breach—which happens more often than you may realize—cybercriminals won’t just have access to one of your accounts; they’ll be able to access many.

Makes sense, no? Unfortunately, the logic hasn’t convinced most of us to use unique, complex passwords.

A 2024 Bitwarden World Password Day survey revealed that 25% of respondents globally said they reuse passwords across as many as 20 accounts. And 36% said they use personal information in their passwords that can easily be found on social media. Oof.

Thankfully, it’s not too late to improve your online security. Keep reading to find out the most common passwords—prepare to cringe when you see yours in the list—and learn the best ways to manage your passwords going forward.

What is the No. 1 most common password?

The importance of selecting strong passwords is clear, right? It begs the question: What is the most common password in the world? After all, if you know hackers’ first guess, you can avoid it at all costs.

As a surprise to no one, perhaps, the most common password is 123456, according to Nord Security, a company that makes cybersecurity products, including NordVPN virtual private network software to browse the web anonymously and a password manager app called NordPass.

“Throughout the past five years, 123456 was ranked the world’s most common password four out of five times, and the past year was no exception,” says Gediminas Brencius, head of product at NordPass.

What are the 50 most common passwords?

50 Most Common PasswordsRD.com

In case you still need a little motivation to change your passwords, consider this scary tidbit: According to Brencius, 70% of the passwords on NordPass’s latest password list can be cracked in less than a second.

“To gain access to internet users’ accounts, hackers are often conducting brute-force attacks,” he explains. “It means that a hacker is submitting large batches of passwords or passphrases with an aim to eventually guess correctly.”

The most recent list of passwords from NordPass ranks these as the most common in the world:

  1. 123456
  2. admin
  3. 12345678
  4. 123456789
  5. 1234
  6. 12345
  7. password
  8. 123
  9. Aa123456
  10. 1234567890
  11. 1234567
  12. 123123
  13. 111111
  14. Password
  15. 12345678910
  16. 000000
  17. admin123
  18. 1111
  19. P@ssw0rd
  20. root
  21. 654321
  22. qwerty
  23. Pass@123
  24. 112233
  25. 102030
  26. ubnt
  27. abc123
  28. Aa@123456
  29. abcd1234
  30. 1q2w3e4r
  31. 123321
  32. qwertyuiop
  33. 87654321
  34. 987654321
  35. Eliska81
  36. 123123123
  37. 11223344
  38. 0987654321
  39. demo
  40. 12341234
  41. qwerty123
  42. Admin@123
  43. 1q2w3e4r5t
  44. 11111111
  45. pass
  46. Demo@123
  47. azerty
  48. admintelecom
  49. Admin
  50. 123meklozed

NordPass also looked at password use by location, determining that these are the most common passwords used in the United States:

  1. 123456
  2. password
  3. admin
  4. 1234
  6. 12345678
  7. 123456789
  8. 12345
  9. abc123
  10. Password
  11. Password1
  12. password1
  13. 12345678910
  14. 1q2w3e4r
  15. 1234567
  16. shitbird
  17. 1234567890
  18. 123123
  19. reset
  20. qwerty

Are your passwords on these lists? It’s time to change them. Using one of the above is a massive password mistake, and hackers are just waiting for you to make it.

How hackers get your passwords

If yours are among the most common passwords, hackers are in luck. It’s easy for them to access password lists by searching databases of compromised accounts. It doesn’t take long for a password dump to end up on the dark web after a cyberattack. From there, stolen passwords are quickly circulated. (Thankfully, these password lists fall into the hands of savvy researchers too.)

Once they have this list of passwords, how do hackers know which, if any, will grant them access to your accounts? The most common methods for figuring out your password include “credential stuffing, password spraying, keylogging, phishing scams and dictionary attacks,” says Iskander Sanchez-Rola, director of privacy innovation at Gen, the cybersecurity network behind brands such as Norton and LifeLock.

Many of those tactics rely on lists of passwords, though hackers also employ other methods to steal your sensitive information. Let’s break that down.

  • Credential stuffing: the automated injection of stolen username and password pairs (“credentials”) into website login forms to fraudulently gain access
  • Password spraying: a type of the abovementioned “brute force” attack in which a hacker uses a single password to try and break into multiple target accounts
  • Keylogging (or keystroke logging): the ability to track and record keystrokes made on a computer without the permission or knowledge of the user
  • Phishing scam: a type of fraud that uses a seemingly legitimate email to trick victims into voluntarily giving personal details, including passwords, to a cybercriminal
  • Dictionary attack: a type of cyberattack in which a hacker uses multiple commonly used passwords

“A robust and secure password, on the other hand, protects your computer from viruses, malware and ransomware attacks, in addition to helping you avoid identity theft and protecting against an account takeover,” says Sanchez-Rola.

Top password trends

Along with numerical sequences (like “123456”), the word password and simple keyboard combinations (such as “qwerty”), other password trends have emerged. Brencius says NordPass has noticed more internet users sticking to preconfigured passwords, like the word admin, which most likely is one of the passwords people don’t bother changing.

“However, we also see that people’s password habits are very much influenced by their cultural preferences and surrounding environment,” says Brencius. “In the U.K. and Italy, for example, people often draw inspiration from their favorite soccer teams’ names.”

That’s right: Hackers often go beyond password lists to access your accounts. Personal details that are widely available online—in social media posts, for instance—can give scammers plenty of ideas when guessing your passwords.

Sanchez-Rola reminds users not to use “personal information, such as names of family members or pets, or numbers that have significance to you, like an address, phone number, birthday or what have you, [as] these can be publicly available on forms you fill out or on social media profiles and are easily accessible to hackers.”

How to know if a hacker has your password

If hackers get your password, they won’t tell you about it. So how do you know if yours has been compromised? For starters, certain products you use may give you a heads-up.

If you use antimalware software (like Norton or McAfee) or a password manager—more on that below—it will alert you to any passwords it has cross-referenced with those leaked onto the dark web and will advise you to change them immediately. Your web browser or operating system (like iOS) may do the same. Heed that advice.

There are also trusted websites like HaveIBeenPwned.com, an online repository of email addresses and passwords that have been collected from publicly disclosed data breaches. If you enter your email address, the site will tell you if that email address has appeared in data breaches and, if so, from which sites.

But don’t ever share your password on any site that asks for it.

How to keep your passwords safe

I once heard a funny but clever method for thinking about passwords: Passwords are like underwear. Change them often, don’t show them to anyone and don’t leave them lying around.

Aside from following that bit of wisdom, there are a few actions you can take if you want to keep your password out of hackers’ hands:

Use unique, strong passwords

Bulletproof passwords consist of a random combination of uppercase and lowercase letters, numbers and symbols. “The longer the password is, the better,” says Brencius. “Experts at NordPass advise no fewer than 20 characters, plus people should also avoid dictionary words, popular slang or other words that could potentially be used by many.”

Use a password manager

The biggest objection to creating dozens of complex passwords is that it’s nearly impossible to remember them. Luckily, you don’t have to.

Reputable password managers not only hold your passwords and conveniently log you in to your online accounts—after you type in a single master password to access your digital vault, of course—but they can be leveraged to create complicated passwords for you too. Most password manager websites and apps also synchronize between devices for added convenience. Usually free for basic functionality, some password managers have a premium version with extra features.

Use multifactor authentication

Add a second layer of security to your accounts by enabling multifactor authentication. With it, you’ll be prompted to enter a one-time code that’s sent to your device (via an app, text message or email) to prove it’s you.

Even better, opt to use biometrics ID if prompted. This type of authentication uses part of your body, like a fingerprint or facial scan, to log you in to your accounts.

Give passkeys a try

An increasingly popular alternative to a password is a passkey. Major tech companies, including Microsoft, Amazon, Apple and Google, have already adopted the technology.

To access a website or app, a passkey relies on a string of encrypted data stored in your phone or laptop and verification from you via a face or fingerprint scan or a PIN code.

“Passkeys also ensure a user-friendly and secure alternative to traditional passwords,” explains Orenstein. “Passkeys are device-based authentication methods that do not require the user to remember any credentials, significantly reducing the risk of phishing and credential theft.”

Why trust us

Reader’s Digest has published hundreds of articles on personal technology, arming readers with the knowledge to protect themselves against cybersecurity threats and internet scams as well as revealing the best tips, tricks and shortcuts for computers, cellphones, apps, texting, social media and more. For this piece, Marc Saltzman tapped his 30-year experience as a technology journalist, author of several books (including Apple Vision Pro for Dummies) and host of the syndicated “Tech It Out” radio show and podcast. We rely on credentialed experts with personal experience and know-how as well as primary sources, including tech companies, professional organizations and academic institutions. We verify all facts and data and revisit them over time to ensure they remain accurate and up to date. Read more about our team, our contributors and our editorial policies.


  • Iskander Sanchez-Rola, director of privacy innovation at Gen
  • Gary Orenstein, chief customer officer at Bitwarden
  • Gediminas Brencius, head of product at NordPass
  • Bitwarden: “World Password Day Survey 2024”
  • NordPass: “Top 200 Most Common Passwords”