Although they can be guessed by hackers in a matter of seconds, there are millions of people in the world who still use passwords like “123456” or “password”.
Passwords remain a necessary evil for most of us, even as the cybersecurity industry seeks safer alternatives like passkeys.
However, many users continue to rely on weak, predictable passwords, leaving their accounts vulnerable to increasingly sophisticated attacks, according to a new analysis by researchers at anyIP.
Using data from the most used passwords, anyIP identified the 200 weakest passwords of 2024. Unsurprisingly, “password” topped the list, closely followed by easy-to-guess combinations like “qwerty123”, “123456” and “qwerty1”.
“These findings highlight the alarming prevalence of predictable passwords and easily hackable,” said Khaled Bentoumi, co-founder of anyIP. “Hackers are increasingly using sophisticated tools to breach accounts in seconds, and relying on weak passwords is the same as leaving your front door unlocked.”
The worst passwords
The study revealed shocking statistics about password usage:
- 123456: Used more than 112 million times worldwide, this simple number sequence remains one of the most popular but unsafe choices.
- 123456789: Despite being a little longer, this password has been used more than 50 million times and is equally easy for hackers to crack.
- password: This perennial favorite continues to be common around the world, ranking first in countries like the United Kingdom and Australia and ranking third in the United States.
- qwerty: A keyboard pattern that appears as the most used password in countries such as Canada, Lithuania and Norway
Alarmingly, researchers noted that almost 50% of the most commonly used passwords consist of simple keyboard patterns or basic numeric sequences, which makes them highly vulnerable to automated hacking tools, says .
To combat these risks, experts recommend transitioning to login systems based on access keyswhenever possible. Access keys, which are randomly generated and not shared during the login process, offer a significant improvement in security as they are almost impossible for hackers to guess or intercept.
For users who must use passwords, a strong defense includes using a password manager to create complex and unique passwords, avoid reusing passwords across multiple accounts, and avoid obvious choices like “password” or “123456”.
