Our Blog How To Thrive 50 Most Used Passwords & How To Keep Yours Safe

50 Common Passwords

In our industry clients often share passwords for domains and servers with us and it's shocking how bad they can be.

50 Most Used Passwords & How To Keep Yours Safe

In our industry clients often share passwords for domains and servers with us and it’s shocking how bad they can be. Roughly 50% of the time the password strongly relates to the business or client name and would easy-enough to guess given the right context.

This is crazy when there are so many good solutions to manage passwords these days! Here are some great options for managing your passwords:

  • Using your browser! For example, Chrome has an amazing password management features that can sync across all your devices when logged in.
  • 1Password is great for sharing passwords within a large organisation.
  • NordPass is another large-scale password management system that is great for use across multiple accounts/devices.


Passwords should be…

  • Long. Most likely it will be a robot script trying to guess your password so the longer it is the harder it will be for the script to try every combination. It’s possible that with modern GPU systems cracking attempt rate of 7 billion per second can be achieved. An 8 character alpha-numeric password can be broken in 30 seconds! Whereas a 13 character password would take more than 900,000 years at that rate. Luckily your password hash will not be accessible for a computer to break at this speed. Frustratingly many systems limit the length of passwords so it’s not always possible.
  • Random. Don’t be tempted to relate it to your name or business. It’s safe to choose random words and characters that you can remember easily if the password is long.


Related xkcd


But, why?

I recently read about a study of a huge amount of leaked passwords. In this study the password choices of 10 million people, from everyday people to the rich and powerful were analysed. Some interesting people were on the list including the global director of Nike whose password was cracked in 0.02 seconds, an editor at the New York Times 0.9 seconds and senior manager at IBM 0.0 seconds! The majority of these were able to be cracked in under 22 seconds. The list was full of high profile people making the same mistakes we all do.

If you use email providers like Gmail you don’t need to worry too much about your passwords being cracked by hacking software. These providers are set up to stop illegitimate attacks almost immediately. The same goes for your online banking, but for websites like yours that don’t have the same level of security we need to know how to keep the hackers out.


Most people think of obvious words and numbers and combine them in simple ways.


Don’t use obvious patterns!

When creating passwords, you should avoid typical patterns that are easily guessable by attackers. These patterns include:

  • Sequential numbers or letters: Avoid using consecutive numbers or letters, such as “123456” or “abcdef”.
  • Repeated characters: Do not use simple repetitions like “111111” or “aaaaaa”.
  • Keyboard patterns: Steer clear of patterns that follow keyboard layouts, such as “qwerty” or “1qaz2wsx”.
  • Personal information: Avoid using easily accessible personal information, like your name, birthdate, or phone number.
  • Dictionary words: Do not use single words found in the dictionary, as these can be easily cracked using dictionary attacks.
  • Simple substitutions: Replacing letters with numbers or symbols that look similar, like “p@ssw0rd”, is not secure enough.
  • Short passwords: Longer passwords are generally more secure, so avoid using passwords with less than 12 characters.
  • Common phrases: Using well-known phrases, quotes, or idioms can be easily guessed.
  • Password variants: Avoid using slight variations of the same password across different accounts.

Default passwords: Do not use default passwords provided by websites or devices, as these are often the first ones attackers will try.
Instead, create strong, unique passwords by using a combination of upper and lowercase letters, numbers, and symbols. You can also use a passphrase consisting of multiple random words, which can be easier to remember and still provide strong security. To manage multiple complex passwords, consider using a password manager.

Digital privacy is so important!

It seems we humans are a predictable bunch so it doesn’t take long for dedicated hacking software to crack our passwords. Most people think of obvious words and numbers and combine them in simple ways. Adding a variation in characters, for example changing THRIVE to 7HR1V3, will make a little difference on how hard it is to guess, the length of the password however, is more significant. As it turns out the biggest mistake you can make is that your password is too short. The longer a password is the stronger it is. Most passwords are approximately 8 characters long so make sure it is longer than this.

One of the tools we like to use is a secure password you could try a password generator like LastPass. This uses simple words and even spaces but because of the length of the characters it can make your password literally millions of times harder to guess. The good thing about this is that the words make it much easier to remember.


Finally, the 50 most common passwords:

  1. 123456
  2. password
  3. 12345678
  4. qwerty
  5. 123456789
  6. 12345
  7. 1234
  8. 111111
  9. 1234567
  10. dragon
  11. 123123
  12. baseball
  13. abc123
  14. football
  15. monkey
  16. letmein
  17. shadow
  18. master
  19. 696969
  20. michael
  21. mustang
  22. 666666
  23. qwertyuiop
  24. 123321
  25. 1234…890
  26. p*s*y
  27. superman
  28. 270
  29. 654321
  30. 1qaz2wsx
  31. 7777777
  32. f*cky*u
  33. qazwsx
  34. Jordan
  35. Jennifer
  36. 123qwe
  37. 121212
  38. killer
  39. trustno1
  40. hunter
  41. harley
  42. zxcvbnm
  43. asdfgh
  44. buster
  45. andrew
  46. batman
  47. soccer
  48. tigger
  49. charlie
  50. robert


Dean Oakley

Written by Dean Oakley

Dean founded Thrive Digital in 2006 and has worked in the design and development space ever since. He received 1st Class Honours in a Bachelor of IT and oversees all technical aspects of our projects.