The Worst Passwords of 2023... Why is Cyber Hygiene So Bad?

Those who follow our blog know this is something we enjoy (and cringe at) doing each year. The true strength of passwords has always been overestimated. Unfortunately, passwords are becoming an increasingly significant point of weakness for personal and business security, and it's no surprise considering this year's most popular (and worst) password of 2023 is... *sigh*... "123456".


Looking back at 2022, the top 10 worst passwords included “123123”, “guest” & “password” to name a few. Of last year's top 10, only 4 have managed to keep their positions with 6 new painful additions. The list of worst passwords was compiled in partnership with independent researchers specializing in research of cybersecurity incidents; they evaluated a 4.3TB database.

Some of the trends they've picked up on: the average user uses over 100 different passwords, 86% of all web app attacks use stolen credentials, and a staggering 24 billion credentials have been breached since 2016.

Unfortunately, it seems, many of us have kept with our lazy password habits as yet again, easy-to-guess combinations of numbers and keyboard patterns have taken up 8 of the top 10 spots with 7 of them all starting with "123". What's even more worrying is that of the first 50 worst passwords on the list only 10 take longer than 10 seconds to be cracked! 

We've highlighted the top 10, but please feel free to browse (and judge) the full list HERE

  1. 123456
  2. admin
  3. 12345678
  4. 123456789
  5. 1234
  6. 12345
  7. password
  8. 123
  9. Aa123456
  10. 1234567890

People use these simplistic passwords out of convenience, often for accounts they don't care about, like one-off shopping site sign-ups. The problem is, people don't understand that even though they don't care about that single account, if a hacker gains access they can use it to uncover much more important information stored on the account, like emails, names, phone numbers, and even payment details.

How You Can Increase Your Password Security 

A study by dataproto found that 51% of people have admitted to using the same password for multiple accounts. It's not unlikely that one of your passwords has looked similar to or appeared on this list. If it has, it's most definitely time to level up your password hygiene, and here is how.


In today's world, it seems like everything requires a password. We have passwords for our computers, emails, social media, online shopping, and almost any website where we make bookings or orders. Dealing with so many accounts can lead people to reuse passwords or choose easy-to-remember ones.

It's crucial to remember that, even for what may seem like less important accounts, if cyber-criminals get into one of them, they could potentially access all your other accounts that share the same password. 

Keep it Complex and Keep it Long

While the top 10 most common passwords are laughably weak, the complete list of the 200 worst passwords includes many that people might have thought were strong. Surprisingly, the majority of these passwords can be cracked in less than a second!

It's easy to overlook the importance of creating strong passwords, especially for accounts that may not seem crucial. However, if a cyber-criminal gains access to one account, it opens the door to all others sharing the same password. A strong password should have at least 12 characters and a mix of upper- and lowercase letters, numbers, and symbols. Remember, it's crucial to prioritize security over convenience.
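As an added example (not part of the original article or of any vendor's tool), the Python below screens a candidate password against this article's top-10 list, the 12-character mixed-class rule above, and keyboard-row runs. The QWERTY rows, the 4-key run threshold and the function names are assumptions made for the illustration.

```python
import string

# Top 10 exactly as listed in this article.
TOP_10 = ["123456", "admin", "12345678", "123456789", "1234",
          "12345", "password", "123", "Aa123456", "1234567890"]
BLOCKLIST = {p.lower() for p in TOP_10}

# Assumption for this example: QWERTY rows; a run of 4+ keys counts as a pattern.
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
MAX_RUN = 3
MIN_LENGTH = 12  # the article's recommended minimum


def longest_keyboard_run(password):
    """Longest substring that walks along one keyboard row, in either direction."""
    lowered = password.lower()
    best = 0
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(lowered)):
                j = i + best + 1
                while j <= len(lowered) and lowered[i:j] in seq:
                    best = j - i
                    j += 1
    return best


def check_password(password):
    """Return the reasons a password is rejected; an empty list means it passes."""
    problems = []
    if password.lower() in BLOCKLIST:
        problems.append("on the top-10 list")
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    classes = {
        "lowercase letter": any(c.islower() for c in password),
        "uppercase letter": any(c.isupper() for c in password),
        "number": any(c.isdigit() for c in password),
        "symbol": any(c in string.punctuation for c in password),
    }
    problems += [f"no {name}" for name, present in classes.items() if not present]
    if longest_keyboard_run(password) > MAX_RUN:
        problems.append("contains a keyboard pattern")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    for candidate in ["123456", "Aa123456", "Aa123456789!", "Vx7#mQ2!pL9&"]:
        print(candidate, "->", check_password(candidate) or "passes")
```

Note that "Aa123456789!" meets the length and character-mix rule yet is still rejected for its keyboard run, which is why a pattern check belongs alongside the complexity rule.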

Take the Time to Maintain and Delete Old Accounts

95% of data breaches are caused by human error (this includes weak passwords)

Regularly check which accounts you’re still using and which you no longer access. Unused accounts can put your online security at risk because you may not notice when they get breached. What's more, even if you use a 'spam' password for accounts you don't care about, if you forget to remove any of your information from that account, the hacker will gain access to it. This can be anything from phone numbers, names and addresses to payment information.

A common misconception is that most information outside of payment details is of little use to hackers, but this is false. Hackers also make a profit from your personal information. Many of these hacking groups build profiles on people using their real information, which they can then sell to someone who can impersonate you and take out loans, open bank accounts and purchase malicious items, all in your name using your personal information.

Stay Vigilant Against Phishing Attacks

If you fall victim to a phishing attack, a password cracker could be installed onto your device, which will then try thousands of different passwords every second, working from most common to least common. If your password is not unique or contains common words/names, it will most likely take cyber-criminals less than a few seconds to get into your account.

If you're worried you might accidentally fall victim to a phishing attack, view these quick and easy ways you can avoid phishing here.

Make Password Management Easy

Secure, create and manage passwords easily with Bitwarden!

Bitwarden is an open-source password manager that enables companies to protect multiple accounts with robust passwords using end-to-end encryption, without the hassle of needing to remember them.

Bitwarden offers everything from a general password manager and generator to secure file and account sharing. Bitwarden is a complete security game-changer. Having a password manager is imperative these days, and if you are going to pick one, Bitwarden has everything you need and more to keep your data secure.

Feel Bitwarden would help keep your business secure, or just want to learn a bit more? Click here to view our Bitwarden blog for a deeper insight.

You Secure Your Password, We'll Secure Your Business

In this modern age, it seems that everything requires a password – from shopping and email to workstations and social media. Managing the numerous accounts we create can be challenging, especially when trying to come up with unique passwords for each. It's no surprise that keyboard patterns are among the most common passwords, given their simplicity to remember, but unfortunately, they are also easy to crack.

If you've observed that any of your passwords are either on this list or appear similar, consider 2023 as the opportune time to enhance your password security. Take proactive measures such as employing distinct, intricate passwords for each of your accounts, utilizing a password manager, and enabling two-factor authentication. By ensuring these practices, you can significantly diminish the risk of a hacker compromising your accounts and data.

Do you want to reduce your business exposure but don't know where to start? We're here to help, with over 17 years of experience working with small and large companies, putting the right security solutions in place for them, we could be the trusted MSP your business needs. To find out more, please feel free to contact us on 0330 002 0045 or email enquiries@entrustit.co.uk, to be put in contact with one of our experienced consultants.
