Top 100 Passwords of 2019

Year after year, analyses show that millions of people make, to put it mildly, questionable choices when it comes to the passwords they use to protect their accounts. Data for 2019 showed that bad habits do die hard and many people willingly put themselves in the firing line of account-takeover attacks.

Drawing on an analysis of a total of 500 million passwords that were leaked in various data breaches in 2019, NordPass found that ‘12345’, ‘123456’ and ‘123456789’ reigned supreme in order of frequency. Between them, these numerical strings were used to ‘secure’ a total of 6.3 million accounts. It doesn’t get much more optimistic further down the list, however, as these three choices were followed by ‘test1’ and, the one and only, ‘password’.

Somewhat predictably, the chart is overall replete with many usual suspects among the most common passwords – think ‘asdf’, ‘qwerty’, ‘iloveyou’ and various other stalwart choices. Other supremely hackable passwords – including simple numerical strings, common names, and rows of keys – also abound. Much the same picture is painted annually by SplashData’s lists of the most-used passwords, such as last year, the year before that, and so on.

The top 100 used passwords:

1. 12345
2. 123456
3. 123456789
4. test1
5. password
6. 12345678
7. zinch
8. g_czechout
9. asdf
10. qwerty
11. 1234567890
12. 1234567
13. Aa123456.
14. iloveyou
15. 1234
16. abc123
17. 111111
18. 123123
19. dubsmash
20. test1
21. princess
22. qwertyuiop
23. sunshine
24. BvtTest123
25. 11111
26. ashley
27. 00000
28. 000000
29. password1
30. monkey
31. livetest
32. 55555
33. soccer
34. charlie
35. asdfghjkl
36. 654321
37. family
38. michael
39. 123321
40. football
41. baseball
42. q1w2e3r4t5y
43. nicole
44. jessica
45. purple
46. shadow
47. hannah
48. chocolate
49. michelle
50. daniel
51. maggie
52. qwerty123
53. hello
54. 112233
55. jordan
56. tigger
57. 666666
58. 987654321
59. superman
60. 12345678910
61. summer
62. 1q2w3e4r5t
63. fitness
64. bailey
65. zxcvbnm
66. fuckyou
67. 121212
68. buster
69. butterfly
70. dragon
71. jennifer
72. amanda
73. justin
74. cookie
75. basketball
76. shopping
77. pepper
78. joshua
79. hunter
80. ginger
81. matthew
82. abcd1234
83. taylor
84. samantha
85. whatever
86. andrew
87. 1qaz2wsx3edc
88. thomas
89. jasmine
90. animoto
91. madison
92. 0987654321
93. 54321
94. flower
95. Password
96. maria
97. babygirl
98. lovely
99. sophie
100. Chegg123

Eerily familiar?
If you recognize any of the above as your own, then fixing your passwords is almost certainly one of the things that deserve a place on your list of things to do. For starters, fixing here means not having the exact same idea as millions of other people when you’re signing up to a service and are asked to create your password.

One way to go about this is opt for a passphrase, which, if done right, is generally a tougher nut to crack as well as easier to remember. The latter is especially useful if you don’t use password management software, which, somewhat unsurprisingly, has been shown to benefit both password strength and uniqueness. Yes, that passphrase should, of course, be unique for each of your online accounts, as recycling your passwords across various services is tantamount to asking for trouble.

You may also want to watch out for password leaks. There are a number of services these days where you can check if your login credentials may have been caught up in a known breach. Some of them even offer you the option to sign up for alerts if your login information is compromised in a breach.

In fact, as ours is an era where login data are compromised by the millions, why settle for one line of defense if you can have two? At the risk of repeating ourselves, two-factor authentication is a highly valuable way to add an additional layer of security to online accounts on top of your password.

You can easily avoid these problems by maintaining good password hygiene.

Go over all the accounts you have and delete the ones you no longer use. If a small, obscure website ends up breached, you might never even hear about it. You can use haveibeenpawned.com to check if your email was ever in a breach.

Update all your passwords and use unique, complicated ones to safeguard your accounts. Employ a password generator to make sure they are impossible to guess. To see if any of your current passwords were ever exposed online, head over to our password strength checker.

Make sure to check your every account for suspicious activities regularly. If you notice something unusual, change your password immediately.

Data is getting more and more valuable. So as breaches continue to happen to large companies, like Microsoft, Yahoo, and Facebook, users need to protect their data themselves.