“123456” is the most-used password in most places around the world. But once you sort frequently used passwords by country or language, you’ll start seeing very different results.
Ones that are easy to type—such as “123456”—are the most universal. And some differences among bad passwords are simply a matter of language: “password” ranks high among English speakers, while for German speakers, it’s “passwort”; “qwerty” is replaced with “azerty” in France because of how French keyboards are arranged.
It all becomes more interesting when cultural differences influence the use of bad passwords. Fans of Juventus, an Italian football team, might find their use of “juventus” as a satisfactory choice of password. Unfortunately, it’s the fourth most common among Italian internet users. “Anathema” might sound relatively unusual as a password—unless you’re in Turkey, where the British band Anathema is apparently so big that it’s among the top 10 most common passwords.
[Watch football live streams with a VPN to enjoy every match securely—and often for free]For this graphic, we’ve selected a popular password in various countries (nearly all are within the top 10), many of which are particular to that country, and show how cultural factors influence password creation.
Note that much of our data comes from a third-party study of leaked passwords, courtesy of GitHub user Ata Hakçıl, and is based on the language of the associated websites. We used these languages to infer countries. Data was not available for all countries/languages.
| Country | Most used password |
|---|---|
| Norway | webhompass |
| Sweden | okthandha |
| Poland | zaq12wsx |
| Finland | salasana |
| Estonia | D1lakiss |
| Latvia | 911yana777 |
| Lithuania | lopas123 |
| Ukraine | PovlmLy727 |
| Slovakia | martin |
| Hungary | 63245009 |
| Turkey | anathema |
| Greece | 212121 |
| Russia | 1q2w3e4r5t |
| Japan | 159753qq |
| China | wangyut2 |
| Hong Kong | 5201314 |
| Malaysia | sayang |
| Indonesia | sayang |
| Thailand | 221225 |
| India | Indya123 |
| Israel | yh134679 |
| Brazil | rental |
| Spanish-speaking regions | mustang73 |
| USA | iloveyou |
| Iceland | kassi |
| Italy | juventus |
| Croatia | dinamo |
| France | doudou |
| Netherlands | welkom |
| UK | ashley |
| Germany | passwort |
| Denmark | webhompass |
Poor password selection is widespread
To find out how people approach password setting, ExpressVPN recently conducted a survey in collaboration with mobile poll provider Pollfish to ask 1,000 U.S. adults about their password selections. We have yet to release the full findings, but here is a sneak peek into the responses we received:
- The average person uses the same password for six websites and/or platforms
- 43% of people say their loved ones would likely be able to guess their online passwords
- 2 in 5 people admit using a variation of their first and/or last name in online passwords they create
These findings reflect poor cybersecurity practices—but at the same time, 81% of respondents say they are confident in the security and privacy of their current online passwords.
Personal details are frequently included in passwords, according to our survey. Here are some of the results:
| COMMON PERSONAL DETAILS | % OF RESPONDENTS WHO SAY THEIR PASSWORDS CONTAIN THESE DETAILS |
| First name | 42.30% |
| Last name | 40.00% |
| Middle name | 31.60% |
| Date of birth | 43.90% |
| Social Security number | 30.30% |
| Phone number | 32.20% |
| Pet’s name | 43.80% |
| Child’s name | 37.50% |
| Ex-partner’s name | 26.10% |
How to use stronger passwords
This World Password Day (May 5), we remind you that common passwords are bad passwords because a hacker can easily guess them. A strong password is…
- Long: Most experts say that a password should be at a bare minimum of eight characters long and ideally 12 to 15 characters. Each additional character makes it exponentially harder to crack.
- Random: This means your password should not have meaning but be made up of a string of random letters, numbers, and symbols. It’s easy to create a password like this with a random password generator; you can find them online.
- Unique: For maximum safety, you should use a different password for every online account you have. If you repeat passwords or follow a formulaic pattern, if someone finds out one of your passwords, they could also use it to try to hack your other accounts..
If you follow these rules, your passwords will be strong and virtually impossible to remember. This is why password managers can be very useful. They store your passwords in an encrypted vault—you only have to remember a single primary password to access them.
How to keep your passwords secure?
Multi-Factor Authentication (MFA)
Instead of relying entirely on a single password to log into your online accounts, multi-factor authentication (MFA) or two-factor authentication (2FA) adds an additional layer of security by requiring another layer of authentication before proceeding.
An MFA or 2FA might come in the form of a one-time code sent via text message and email or through biometric means like facial and fingerprint scanning.
Use Password Managers
A password manager is software that stores your passwords in an encrypted vault. Most password managers also have a generating feature that helps you create strong and robust passwords based on your requirements.
Virtual Private Networks (VPNs)
While a password manager protects passwords in storage, a VPN protects them while they’re in transit. VPNs encrypt and anonymize your internet connection, preventing your passwords from getting intercepted by malicious public Wi-Fi hotspots or compromised routers. VPNs can also prevent DNS address highjacking attacks from forwarding you to fake websites.
Check if your email has been leaked
Sites like haveibeenpwned.com allow users to see if their email addresses or phone numbers have been compromised in data breaches. Simply put your email address or phone number in, and the site will tell you all the apps or services you’ve used that experienced data breaches.
Be careful who you trust
Be cautious when sharing credentials with other people, regardless of whether they’re friends or family members. If you have to share passwords, avoid sharing them through text messages or email. Instead, use secure methods like a password manager’s integrated sharing function.
Don’t save your passwords on your phone, tablet, or PC
Your phone, tablet, and PC all run the risk of being hacked into, so avoid saving your passwords on these devices. Instead, use a password manager to store and manage your passwords.
Lie on your security questions
Instead of putting in your mother’s maiden name or pet’s name or answering where you went to high school, lie on security questions. Many answers to security questions are either guessable or easy to find the answers to.
FAQ: About most common passwords
What are the most common passwords hackers leak on the dark web?
Some of the most common passwords leaked on the dark web include simple numbers and letter sequences. These passwords include:
-123456
-Qwerty
-11111
-00000
-Qwerty123
What is the most hacked password?
The most hacked passwords are those with sequences, numbers, and everyday words and phrases like ‘baby,’ ‘iloveyou,’ and ‘love.’
How do hackers get passwords?
Phishing is one of the most common methods hackers use to get passwords. It’s also possible for them to get passwords through data breaches.
What are the most common 4-digit passwords?
These are some of the most common 4-digit passwords:
-1234
-4567
-1111
-0000
-6666
What are the safest passwords?
The safest passwords are ideally at least 12 characters long, contain a mix of upper and lowercase letters and numbers, and don’t include common words or phrases.
Protect your privacy with the best VPN
30-day money-back guarantee
Take the first step to protect yourself online. Try ExpressVPN risk-free.
What is a VPN?
Comments
wow, cool and all but this is just a whole article making it even easier for someone to break into an average person’s account. something smells phishy.
I am a civil activist in Afghanistan