For the last ten years, Techlicious has been reporting on the worst password choices, and unfortunately, not much has changed. Have you used “password,” “admin,” or “12345” for any of your accounts? You’re not alone. In 2023, the simplicity of "123456" remains the go-to choice for many Americans, as revealed by NordPass' fifth annual password trends study. This makes for a concerning disconnect between cybersecurity awareness and our ongoing reliance on easily memorable and preset passwords.
Intriguingly, there’s a shift towards creative, albeit still insecure, passwords using vulgar words, with "shitbird" coming in at number 16 this year.
Here are the top 10 most used passwords in the U.S.:
- 123456
- password
- admin
- 1234
- UNKNOWN
- 12345678
- 123456789
- 12345
- abc123
- Password (hint: capitalizing password does not make it more secure)
Read more: Find out how your passwords stack up against the latest hacking tools
Streaming accounts, protected by the weakest passwords, are particularly vulnerable. Tomas Smalakys, CTO at NordPass, attributes this use of weak passwords to the joint management of shared accounts and the convenience of using easy-to-remember passwords. On the other hand, people demonstrate more caution with financial services, demonstrating some level of security awareness.
Soon, you may not need to bother with passwords at all. The future of password security is heading towards passkeys, a new form of authentication that eliminates the need for traditional passwords. This system generates a pair of related keys – a private key stored on your device that’s protected by a biometric ID (your face or fingerprint, for example) and a public key on the website's server. Matching the passkeys authenticates you for successful sign-in.
While passkeys are gaining momentum, passwords are still the predominant method used for security. Whatever your reasoning for sticking to your weak passwords, it’s time to get rid of them. The easiest way to create and use strong, unique passwords is to use a password manager. NordPass is a highly secure and easy-to-use password manager that I feel comfortable recommending, along with 1Password and Dashlane.
And if you’re not using a password manager, your passwords are almost guaranteed to be insecure, especially with the latest advances in computer processing power. For those situations where you need to create a very secure password that you can remember without a password manager, my tips on creating strong memorable passwords will help you do it.
[Image credit: Laptop with weak password stuck to the back via BigStockPhoto ]
For the past 20+ years, Techlicious founder Suzanne Kantra has been exploring and writing about the world’s most exciting and important science and technology issues. Prior to Techlicious, Suzanne was the Technology Editor for Martha Stewart Living Omnimedia and the Senior Technology Editor for Popular Science. Suzanne has been featured on CNN, CBS, and NBC.
From Gary Rumble on November 17, 2023 :: 2:35 pm
It’s amazing how many sites and applications don’t allow copy and paste in the name of “security”. Making a password manager painful to use.
And entering a complex password on my TV screen is beyond difficult. You wonder why my Netflix password is 12345? Because 9Ao574f6#J$4ryh03n)VKo^=N is impossible to enter.
Reply
From Josh Kirschner on November 17, 2023 :: 8:37 pm
With a password manager, you shouldn’t need to cut and paste. The password manager will automatically fill in your credentials for any site or app you have saved. I can’t think of a single site where that doesn’t work for me.
For Netflix, you can sign in on your TV using a QR code through your phone. So super easy and no need to type in your password.
Reply