The worst passwords of 2020 revealed: What can we learn?

Those that follow this blog will be familiar with our annual review of the worst (and sometimes funniest) passwords of the year. We have spoken at length about just how insecure passwords really are, and the examples we touch on at this time every year truly show that passwords remain a significant point of weakness for company security. Unfortunately, data from 2020 shows that there has been little improvement in our passwords.

Interested in learning how you can stay safe when online? Read our FREE e-Book >>

Free Download: The Ultimate Guide To Staying Safe Online

Looking back to 2015, the lists released by information-security companies included “123456” and “password”. Fast forward five years, and these examples are still just as prevalent. In fact, after NordPass and partners analysed 275,699,516 passwords leaked in 2020 data breaches, they found the chart is made up largely of entries from last year and the year before. Of the 200 most common, there were 78 new additions to the list however, such as “password1” in third place and “senha” (Portuguese for password) in tenth. “aaron431” was another new entry and is the most popular name used as a password.

Moreover, analysis of the passwords leaked found that yet again, various easy-to-guess combinations of numbers remain as popular as ever. Indeed, seven out of the top ten were made up of numerical combinations. For instance, “123456”, “123456789” and “12345678” occupied the first, second and fifth places. What’s more, it could take less than a second to crack all top 10 on the list, with the exception of “picture1”, which would take approximately 3 hours when hackers use a brute-force attack. Only 44 percent of the passwords recorded were considered ‘unique’.

If the above is not a cause for alarm, then maybe this statistic will be – among them, the top five passwords have more than 4.5 million users and they account for over 38 million combined exposed in 2020 data breaches.

The worst passwords of 2020

So, what about the list?

We have gone through the top 10, but you can browse through the whole list on NordPass’s blog by following this link.

  1. 123456
  2. 123456789
  3. picture1
  4. password
  5. 12345678
  6. 111111
  7. 123123
  8. 12345
  9. 1234567890
  10. senha

According to research, the reason most people use simple and easy-to-remember passwords like the ones on the list is down to convenience. The issue with this is that it is the most memorable passwords that are highly vulnerable to being hacked.

How can you protect yourself?

If any of your passwords appeared on the list, then it might be time for you step up your password security. And one of the first ways you can do this is to ensure your passwords are unique and complex to each of the accounts you use. Easy right?

These days, we all must remember a whole host of passwords. We have passwords for our email, social media and workstations. Some of us will even have them for multiple online shopping accounts. With so many different accounts and therefore different passwords to remember, it is no surprise that people re-use passwords or use one that is easy to remember (and crack!). Studies suggest that at least 65 percent of people reuse passwords across multiple sites, and a terrifying 13 percent of people use the same password for all accounts and devices. As is obvious, if a cyber-criminal manages to get hold of one of your passwords, they will then be able to access all of the other accounts you have use this password for.

Moreover, if this happens in a business sense, the risks are far greater than those of personal use. For example, a cracked password can lead to data loss and in some cases significant data breaches can be fatal for SMEs.

Ultimately, the easiest way to combat the issue of remembering multiple complex passwords as well as creating them is by using a password manager. This creates a secure repository of your passwords and will also recommend strong passwords for you to use. All you need to do is remember one, complex master password. Many password managers will also automatically fill in your passwords when you arrive at a login page, thus saving you time and logging you in securely.  

Across the entrust IT Group we recommend the Myki Password Manager to all of our customers and can help you implement it in your organisation. The service differs slightly from the traditional password managers you may be familiar with, such as LastPass and Dashlane, whereby all passwords are stored offline rather than in the cloud.  Although these are secure, they are also a big target for cyber-criminals. If a hacker manages to gain access to the cloud storage, they would be able to access all of the passwords you have stored. To help eliminate this risk to users, Myki stores all passwords locally on a user’s devices, and authenticates through their smartphone using the facial or fingerprint recognitions. Simply set up a Myki account, install the application on the devices you use and the extension in your web browsers then you’re good to go.

Another great thing about Myki is that it is built for MSPs and Teams, so therefore helps your IT department to take control of the password security across your organisation. For example, your IT team can provide secure passwords to any of the workplace databases and push it to the phones of staff who need access. As a result, they can authenticate into the database without ever seeing the password and should they ever leave the organisation, access can instantly be revoked as and when is necessary.

In addition to using a password manager, we recommend using two-factor authentication to add an extra layer of security to your accounts. For the most part, this involves receiving a code via SMS to your smartphone or through the use an app which shows you a randomly generated code, but increasingly apps and services are sending a confirmation number to user devices as a notification instead. Some of these will allow you to simply tap the notification to approve the login. Use of biometric scanners such as those for fingerprints and faces are also on the rise. The key here is to reconfirm your identity through a second security layer and make it more difficult for hackers to breach your account.

For a long time now, cyber security experts have identified the use of strong, unique passwords as one of their top recommendations when it comes to password security hygiene. However, this has also long-since been one of the least commonly followed recommendations. With the rate in which cyber-crime is rising amid the pandemic, now is the time as we head into 2021 to take the appropriate steps to better your password security. For instance, by using different complex passwords for each of your accounts and making use of a password manager like Myki to help you do this, as well as turning on two-factor authentication. Making sure of these will reduce the risk of a hacker breaching your accounts and data.

If you are keen to get on top of cyber security at your business and are seeking to reduce your exposure to weak passwords, get in touch with a representative from entrust IT Group today. Contact us at 0330 002 0045 or visit

New call-to-action

Subscribe Here!

Recent Posts

Posts by Tag

See all