The 200 Worst Passwords of 2021 Are Here and Oh My God

The 200 Worst Passwords of 2021 Are Here and Oh My God
Photo: Issouf Sanogo, Getty Images

After a year filled with massive hacks and lord-knows how many exploits, you’d think we would all learn to be a bit — just a bit! — more cyber-savvy as 2021 comes to a close. But if this year’s list of the 200 most popular passwords is any indication, we’re just as dumb as we’ve ever been. Perhaps even dumber.

The Awful Password List is an annual project from the password manager NordPass, which put all of us on blast in 2020 for using phrases like “123456″ and “qwerty” as login credentials, despite all of us knowing how objectively bad those passwords are. In fact, we’ve known they’ve been bad for years at this point — those sorts of phrases have cropped up on lists of the most popular passwords for years at this point, and have been gawked at accordingly.

Apparently the heckling didn’t work. Those same offenders appeared on NordPass’s top 20 list for this year, along with some other ill-advised choices. Most of these, like “123456789″ or “000000,” involve some kind of number-mashing on your keyboard that the company estimates would be relatively easy for any coder to crack in about one second. Other popular choices like “password” and “abc123,” are just as easy to crack.

While “qwerty” and “abc123″ are obvious contenders on the list, there are other less obvious — but equally bad! — passwords, such as “iloveyou,” “baseball,” and “dragon.” Folks, “baseball” is not a real password. Neither are most of the other half-assed attempts at cybersecurity that were unfortunate enough to nab a spot on NordPass’s list, which you can read for yourself here.

Just to give you a picture of what we’re dealing with, here’s this year’s top 20 most popular passwords from around the globe.

1. 123456

2. 123456789

3. 12345

4. qwerty

5. password

6. 12345678

7. 111111

8. 123123

9. 1234567890

10. 1234567

11. qwerty123

12. 000000

13. 1q2w3e

14. aa12345678

15. abc123

16. password1

17. 1234

18. qwertyuiop

19. 123321

20. password123

Yikes, right? Most of these passwords can be cracked in less than one second, according to NordPass, while the best — like “myspace1″ and “michelle” — can take up to 3 hours.

NordPass CEO Jonas Karklys remains baffled and sad. “Unfortunately, passwords keep getting weaker, and people still don’t maintain proper password hygiene,” Karklys said in a statement. “It’s important to understand that passwords are the gateway to our digital lives, and with us spending more and more time online, it’s becoming enormously important to take better care of our cybersecurity.”

Beyond passwords, this means keeping an eye on your accounts — all of your accounts — for suspicious activity, and using multi-factor authentication whenever you can, NordPass said. But more than anything, it means investing in strong passwords that take longer than half a second to crack. And seriously, if your password is still “password” at this point, then you need to change that thing immediately.