The 10 most popular passwords of 2024 are also the worst: 5 easy ways to do better

Admit it: Do you ever use "123456" or "qwerty123" as a password? Given the challenges of juggling dozens or hundreds of online accounts, it's easy to opt for simple (but weak) passwords. Based on a new report from password manager NordPass, people are still doing exactly that -- which is just asking for trouble. 

Also: 7 essential password rules to follow in 2024, according to security experts

For the sixth year in a row, NordPass has compiled a list of the top 200 most popular passwords for both personal and business use. Working with threat management company NordStellar, NordPass reviewed and analyzed a 2.5TB database of passwords from around the world, including those found on the dark web. Guess what? They're still really bad.

"After analyzing six years' worth of data, we can say there hasn't been much improvement in people's password habits," NordPass said in the report. "So, despite many organizations' efforts to spread awareness, the problem is still as prevalent as ever."

Out of the worst offenders, "123456" took the top prize. Found in over 3 million instances, this one would take a cybercrook less than a second to crack. Similarly easy winners (or losers) included "123456789," "12345678," "password," and "qwerty123." Collectively, these four were used by more than 3.8 million people.

Also: How to make any password manager your autofill service on Android

Rounding out the top ten were "qwerty1," "111111," "12345," "secret," and "123123." Again, all of these were used by millions of people and could be cracked in less than a second.

The news wasn't much better for people in the professional world. Among the passwords found for corporate accounts, "123456" was again top of the list, used in more than 1.2 million cases. "123456789," "12345678," "secret," and "password" also made up the rest of the top five here. 

"If you check out the top 10 most common personal passwords and compare them to the corporate list, you'll notice they're nearly identical," NordPass said in the report. 

Also: Why you don't need to pay for antivirus software anymore

The personal and corporate passwords analyzed by NordPass were stolen by malware or exposed in data breaches. In most cases, the email addresses were leaked along with the passwords, helping NordPass determine which ones were for personal use and which ones were for business use.

Of course, weak and crackable passwords can easily lead to account compromise, identity theft, and other hazards. So how do we better protect ourselves? Nordpass has some tips. 

How to create stronger passwords

1. Opt for longer passwords

Your password should be at least 20 characters and include a combination of uppercase and lowercase letters, numbers, and special symbols. Avoid including birthdays, names, or common words.

2. Never reuse passwords

Don't use the same password for multiple sites or accounts. If one service is hit by a compromise or data breach, any other services that you use with the same password can be at risk.

3. Review your passwords

Regularly review the makeup of your passwords. Look for any that are old, weak, or reused, and make them more complex. 

4. Use a password manager

Since creating and recalling lengthy passwords with complex characters may feel impossible on your own, consider a password manager. These devise, store, and apply passwords to your online accounts. 

Also: Bitwarden vs. 1Password: Which password manager is best?

Just make sure you create a strong and complex master password for extra protection. If all goes well, however, the master password will be the only one you'll have to remember.

5. Start using passkeys

Designed to replace conventional passwords, passkeys are still in limited use but are gaining traction, especially among major companies and websites. Much stronger and safer than passwords, passkeys can automatically sign you into websites and apps using facial or fingerprint recognition or a physical security key.