Twenty Most Common Passwords Leaked Online

Mar 11, 2022
700x253 - Online Privacy Blog

Between the upsurge in the number and scale of data breaches expected in 2022 and the looming threat of cyberattacks from the Russian-Ukrainian crisis, the stakes for keeping your digital information safe are perhaps higher than they’ve ever been. When it comes to protecting your online security, a reoccurring message cybersecurity professionals continue to stress is the need to use strong and secure passwords to prevent unauthorized access to your sensitive data and financial accounts.

But even as criminals become increasingly adept at cracking login credentials with a wide range of tactics from phishing attacks to the use of software than can potentially guess billions of passwords per second, plenty of individuals are still using easy-to-guess combinations of characters and numbers as well as common phrases. What’s more, a CNBC report highlighting findings from the cybersecurity firm Lookout reveals that the majority of consumers have had their email address exposed on the dark web — making it that much easier for hackers to access their online accounts.

Given the sheer number of passwords we’re expected to handle these days, it’s perhaps unsurprising that people are falling back on default passwords and go-to phrases like “password” and “qwerty.” But the growing risks associated with weak passwords make the present an excellent time to step up your password hygiene. To get started, be sure to steer clear of using these 20 most commonly leaked passwords on the dark web, according to Lookout:

  1. 123456


  2. 123456789


  3. Qwerty


  4. Password


  5. 12345


  6. 12345678


  7. 111111


  8. 1234567


  9. 123123


  10. Qwerty123


  11. 1q2w3e


  12. 1234567890




  14. 0


  15. Abc123


  16. 654321


  17. 123321


  18. Qwertyuiop


  19. Iloveyou


  20. 666666


Dealing with password fatigue as you go about your daily business creating and tracking scores of passwords from dozens of websites and apps? As Data Privacy + Cybersecurity Insider has pointed out, this is a real issue that has spawned its own Wikipedia page. To overcome this phenomenon and strengthen your online security, try these tips below.


Best practices for creating better passwords:

  • Choose passwords that contain more than the minimum number of characters required. Shoot for 12+ characters (Microsoft data from more than 280,000 cyberattacks demonstrated that 96% of these incidents involved a password with fewer than 10 characters)
  • Use plenty of uncommon characters or special symbols (e.g., !, @ and #) rather than simply using letters and numbers.


  • Avoid using a set of consecutive numbers or letters, or characters located sequentially on the standard keyboard (e.g., qwerty123 and 1q2w3e).


  • Refrain from using personal details about your life that are publicly available, including names of children, pets, birthdays, anniversaries, your birthplace, favorite sports teams, etc. Be especially careful not to use information that can be found in a general online search and on social media channels.


  • Replace any default passwords with a secure and unique one. If you’re not convinced of the importance of resetting default passwords, check out the story of an intern blamed for a SolarWinds attack in 2019 using the passcode “solarwinds123.”


  • Don’t the same password across multiple accounts. According to Lookout, about 60% of people reuse passwords. Once hackers obtain stolen credentials, they can use this data to try to access accounts on additional sites or apps using large-scale automated login attempts in a process known as “credential stuffing.”


  • Set up multi-factor authentication when possible. With this process, a user cannot gain access to your account unless they have presented two or more forms of evidence, such as a code texted to a cellphone or a fingerprint scan.


  • Consider using a password manager. This low-cost (and sometimes free) solution takes the stress and frustration out of creating strong passwords and storing them conveniently and securely. Many of these services safeguard your data using two-factor authentication and advanced encryption methods like zero-knowledge architecture. A few top recommended providers security experts recommend: Dashlane, NordPass, 1Password, and LastPass. As asserts, high-quality password managers are extremely difficult to compromise, and most cybersecurity professionals cite them as the most secure way to protect your passwords. But if you’re still uneasy, you may want to consider using a provider that enables you to store all of your passwords on your own devices, rather than in a vault on the company’s server (e.g., an offline solution like Enpass). For an overview of options, check out “The best password managers in 2022” at Tom’s Guide.
Providing Financial Solutions to Take Care of Our Own

  • Accessibility
  • Federally insured by the National Credit Union Administration
  • Equal Housing Opportunity
  • NMLS ID# 409710

APR = "Annual Percentage Rate". Actual APR is based on your credit profile and may be higher than the lowest rate available. Posted rates may include promotional discounts and other terms and conditions. APY = "Annual Percentage Yield". Rates are subject to change without notice.

The Police Credit Union proudly provides banking and loan solutions including checking accounts, credit cards, auto loans and more for police and other law enforcement agencies and their families  in the Bay Area and beyond. Visit us at one of our branches in San Francisco, Pleasanton, San Mateo, San Bruno or Oakland, CA or check if you are eligible for membership and apply online today.

Site Design by ZAG Interactive. © 2019 The Police Credit Union.