The worst, most used passwords of 2020 revealed…

ByCraig Haley

Every year we report on the most used passwords of the last 12 months in what is a predictably predictable annual article. It’s fair to say it’s been a turbulent year, and yet it seems that many people’s password habits are, to say the least, consistent.

Consistently bad, of course.

We have been using data released by SplashData over the last few years to determine what the most used passwords are, but they’ve not done their yearly analysis for 2020 (from what we can see, anyway) so we’re switching over to NordPass, a password management company, for the data.

And again, as we say ever year, don’t fret – these companies are not “hacking” your accounts to discover your passwords. The data they use for analysis comes from company data leaks that occur throughout the year that results in people’s passwords finding their way online. Such leaks happen every year, and this is why we never recommend using the same password across multiple accounts.

But based on the list below, we’re guessing that’s more advice that people will ignore.

So in first spot is, again, 123456. That password has topped SplashData’s list every year since 2013, and with its entry into this list from NordPass, that makes it eight years in a row as the most commonly used password.


Sponsored Content. Continued below...




To really bring home the point how bad a password 123456 is, NordPass points out that it would take automated software less than one second to crack that password in a brute force attack (brute force being guessing one password after another.)

The same applies to 123456789, which takes second spot, and it was also second in 2019 and third in 2018.

Picture1 was in third, which is a newbie to the top ten, and in fourth place is password (a previous top spot entrant pre-2013) which was also fourth in 2019 and second in 2018.

Such passwords are becoming less popular – slowly – because companies are forcing their users into picking stronger passwords (though sometimes it can feel like these requirements are a little too stringent!)

The passwords discussed above are bad. They take seconds (or less) to crack and they’ll likely spur on credential stuffing scammers should these passwords leak online – which they did. Don’t use them. You’re only asking for trouble.

Learn more about creating a strong password in our blog here.

Here’s the full, depressingly predictable top 25 most used passwords from NordPass for 2020.

#25 qwertyuiop
#24 654321
#23 123321
#22 omgpop
#21 123
#20 Qqww1122
#19 password1
#18 aaron431
#17 iloveyou
#16 1234
#15 000000
#14 Million2
#13 abc123
#12 qwerty
#11 1234567
#10 senha
#9 1234567890
#8 12345
#7 123123
#6 111111
#5 12345678
#4 password
#3 picture1
#2 123456789
#1 123456

See the 2019 list here and the 2018 list here.

Keep up-to-date with all the latest cybersecurity threats and our tips to stay safe online. Follow us on Facebook, Instagram and Twitter.

Continued below...


Thanks for reading! But before you go… as part of our latest series of articles on how to earn a little extra cash using the Internet (without getting scammed) we have been looking into how you can earn gift vouchers (like Amazon vouchers) using reward-per-action websites such as SwagBucks. If you are interested we even have our own sign-up code to get you started. Want to learn more? We discuss it here. (Or you can just sign-up here and use code Nonsense70SB when registering.)

Become a Facebook Supporter. For 0.99p (~$1.30) a month you can become a Facebook fan, meaning you get an optional Supporter Badge when you comment on our Facebook posts, as well as discounts on our merchandise. You can subscribe here (cancel anytime.)