A study by NordPass has found the most common password used by people over the last year.
'123456' is the most common password in the world this year, the fifth annual study has found.
Numerical sequences made up eight of the 10 most common passwords, according to the study, which looked into passwords in 35 different countries.
Almost a third (31%) of the world's most popular passwords consist purely of numerical sequences, with '123456' placing first in four out of the five years of the study.
Users are also increasingly sticking to pre-configured passwords such as 'admin', the second-most common password.
'12345678', '123456789', '1234' and '12345' placed third to sixth, while 'password' was the seventh-most common password ahead of '123', 'Aa123456', and '123456790', which rounded out the top 10.
'UNKNOWN' was 11th, '1234567' was 12th, '123123' was 13th, '111111' was 14th and 'Password' was 15th. '12345678910', '000000', 'admin123', '*********' and 'user' completed the top 20.
People typically use the weakest passwords for their streaming accounts, likely due to the fact that they are shared accounts, and the strongest passwords for their financial accounts, NordPass said.
Passwords associated with games or fiction proved popular, with 'Aladdin66' making the top 20 in Taiwan. 'Supermario12' featured in the Austrian top 20, and 'gtasanandreas123' was popular in Mexico.
Internet users also commonly feature the names of countries and cities in their passwords.
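A sign-up or password-change form can screen for the patterns reported above. The following is an added example, not code from NordPass or the study: the function names, the 12-character minimum and the rule set are assumptions, and the denylist is the top 20 as quoted in this article.

```python
import re

# Top 20 as quoted in the article (values copied from the page).
TOP20 = {
    "123456", "admin", "12345678", "123456789", "1234", "12345", "password",
    "123", "Aa123456", "123456790", "UNKNOWN", "1234567", "123123", "111111",
    "Password", "12345678910", "000000", "admin123", "*********", "user",
}
DENY = {p.lower() for p in TOP20}
# Alphabetic stems of the denylist ("admin", "password", "user", ...).
STEMS = {re.sub(r"[^a-z]", "", p) for p in DENY} - {""}
MIN_LEN = 12  # assumed policy value, not taken from the article


def is_digit_pattern(pw):
    """True for digit-only strings that are runs, repeats or repeated chunks."""
    if not pw.isdigit():
        return False
    # Step between neighbouring digits, modulo 10 so that 9 -> 0 counts as +1.
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pw, pw[1:])}
    if len(steps) <= 1 and steps <= {0, 1, 9}:  # 111111, 123456, 987654
        return True
    # Repeated chunk such as 123123 or 12121212.
    return any(pw == pw[:n] * (len(pw) // n)
               for n in range(1, len(pw) // 2 + 1) if len(pw) % n == 0)


def screen(pw):
    """Return the reasons a candidate is rejected (empty list = accepted)."""
    reasons = []
    low = pw.lower()
    if len(pw) < MIN_LEN:
        reasons.append("too short")
    if low in DENY:
        reasons.append("top-20 password")
    if is_digit_pattern(pw):
        reasons.append("numerical sequence")
    # One word padded with digits: admin123, Supermario12, gtasanandreas123.
    m = re.fullmatch(r"([a-z]+)(\d+)", low)
    if m and (m.group(1) in STEMS or len(m.group(2)) <= 4
              or is_digit_pattern(m.group(2))):
        reasons.append("word plus digits")
    return reasons


if __name__ == "__main__":
    for candidate in ["123456", "Supermario12", "correct horse battery staple"]:
        print(repr(candidate), screen(candidate) or "accepted")
```

Length alone does not clear the screen: 'gtasanandreas123' is 16 characters long and is still rejected as a word plus digits.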
The list of passwords was compiled by NordPass in partnership with independent researchers specialising in researching cybersecurity incidents.
Researchers analysed a 4.3TB database of passwords extracted from various publicly available sources, including some on the dark web. No personal data was purchased by NordPass to conduct the study.
NordPass and third-party researchers also analysed passwords from a 6.6TB database of passwords.
The passwords were stolen by various stealer malware. Malware logs contain vast amounts of information about the victims of attacks.
For example, malware can steal information saved in your browsers, such as passwords and other credentials, source website cookies and autofill data.
It can also steal files from its victim's computer, as well as system details such as OS version or IP address.
"The scariest part is that victims might not even realise that their computer is infected," said Tomas Smalakys, chief technology officer at NordPass.
"Bad actors tend to hide malware in well-crafted phishing emails, imitating a legitimate organisation, such as your bank or your company."
NordPass recommends that users create long and complex passwords; avoid storing secrets on their browser and adopt a password manager; start adopting passkeys instead of passwords; and remain vigilant.
Passkeys are a form of authentication whereby a user doesn't need to come up with a password. When joining a website that supports passkeys, the user's device generates a pair of related keys -- one public, one private.
The private key is saved on the device itself and the public key is stored on the website’s server. Without each other, they are useless.
If the user is successfully identified by their biometrics, the passkeys are matched and the user successfully signs in.
"This technology will help eliminate lousy passwords, thus making users more secure," said Smalakys.

"However, as with every innovation, passwordless authentication will not be adopted overnight. Being amongst the first password managers to offer this technology, we can see that users are more and more curious to test it out.
"However, there’s still a lot of work to be done and password security still remains a matter of today."