It’s No ‘Secret’: The Most Common Passwords in 2024 Will Leave You Dumbfounded

It’s not surprising that hackers are thriving.

Passwords aren’t very secure these days.
Passwords aren’t very secure these days. | Boris Zhitkov/GettyImages

Consumers love to keep things simple. When it comes to passwords, that can have serious consequences. Time and again, users ignore advice about long and complex passwords in favor of something they can easily remember. And hackers love it.

Each year, cyber security and password manager firm NordPass compiles a list of the most common passwords among tech users. The data comes from hacking leaks, which is a kind of proof of concept of their uselessness in protecting consumer information.

Here are the most often-seen passwords in the United States for 2024:

  1. secret
  2. 123456
  3. password
  4. qwerty123
  5. qwerty1
  6. 123456789
  7. password1
  8. 12345678
  9. 12345
  10. abc123
  11. qwerty
  12. iloveyou
  13. Password
  14. baseball
  15. 1234567
  16. 111111
  17. princess
  18. football
  19. monkey
  20. sunshine

Secret takes the top spot, followed by 123456 and, in what must be a new record for minimal effort in human history, password. Sports also seem to be popular, with baseball and football in the mix. (One presumes golf would rank, if not for the fact it’s unlikely to meet minimum character limits.) NordPass estimates all of these passcodes would take a hacker or program less than one second to compromise.

As some Gizmodo readers who reacted to the list pointed out, it’s possible these passwords were used for websites that don’t harbor a person’s private data and represent a low security risk if breached. While that’s still poor internet practice—you might not remember you shared a birthday or mailing address with a site, making your account at least a little vulnerable—it does make sense.

But NordPass also looked at the passwords used in the corporate world, where people certainly have sensitive or proprietary information to protect. These were the most common corporate passwords across all countries:

  1. 123456
  2. 123456789
  3. 12345678
  4. secret
  5. password
  6. qwerty123
  7. qwerty1
  8. 111111
  9. 123123
  10. 1234567890
  11. qwerty
  12. 1234567
  13. 11111111
  14. abc123
  15. iloveyou
  16. 123123123
  17. 000000
  18. 00000000
  19. a123456
  20. password1

As you can see, people aren’t much smarter about cyber security at work than they are at home. 123456 was associated with a whopping 1,233,447 work-related accounts, and the ever-popular password was used nearly 200,000 times. The only even semi-effective password on the corporate top 50 was TimeLord12, which NordPass estimates would take roughly five days to crack. At least fans of Doctor Who pay a little attention to their privacy.

It’s also worth noting the overlap of both personal and professional passwords, indicating people tend to use the same (or similar) logins for both portals. NordPass also points out that despite six years of circulating this disturbing data, not much has changed: People are still opting for easily-remembered passwords rather than secure ones.

The advice on strong cyber security remains the same. Choose passwords at least 20 characters long with a variety of characters and symbols. Avoid easy-to-guess topics like birthdays or hometowns. The more nonsensical, the better. And if you absolutely can’t avoid the themes in the lists above, at least Secretpasswordbaseballqwerty123 would be an improvement.

Read More About Technology: