worst password

The Common Passwords of 2020 – Don’t Make These Mistakes!

We have all been known to use a lazy password every now and again, but as technology progresses and hacking strategies change, this mistake can be VERY COSTLY. In the context of company security, passwords should be viewed as the keys to your kingdom and treated as such. In today’s world, passwords are the last layer of protection many people have against malicious intruders accessing their business’s critical data. In the world of health, this could be private health information. In the banking world, this could be people’s livelihoods and private banking information. In the world of business, this could be their payment methods and client data.

Nordpass released the most common passwords of 2020 and some of the passwords on this list may or may not shock you.

worst password1

In parentheses, you can see that the number two and three spots from 2019 have both moved up in the past year. The password “123456” is now number one and “123456789” moving into the number two spot. You can also see that over two and a half million people use the number one password, and more importantly it took less than one second to figure out. Hackers value their time and passwords like these are a hacker’s dream. Remember, they rely on our laziness to do their jobs.

If you are intested in seeing more of the list, you can find the complete article here.

We understand that many people use relatively easy passwords for their accounts out of convenience and because they can be easy to remember.

“I log into this site, and twenty others, every day. Why would I create a unique password for each one? How am I supposed to remember them all?”

We have all been there or thought that at one time or another, but the truth is that hackers rely on this train of thought to make their jobs easier. Here are some basic tips on how to keep your passwords protected from these malicious hackers.

  • Use STRONG and unique passwords.

You should be using passwords that are at a minimum 10 characters long, have a mix of random uppercase and lower case letters, and that utilize characters. This simple step makes identifying your passwords MUCH harder.

Hackers don’t like to spend too much time trying to hack a single password, so if yours is complex enough they may simply give up on it all together.

  • Reset your password every 90 days

This is a less common, but effective way of protecting your credentials. This practice is sometimes required by certain platforms, but if it is not you should take the initiative to reset them yourself. Resetting your password protects you in the case that parts of your password were compromised by dark web hackers. Oftentimes, if your password is compromised, these attackers will sell the information on the dark web and by resetting your password, you can prevent the purchaser from completing any attack.

  • Do NOT use the same password across multiple accounts

This is dangerous practice! Imagine a hacker gets your password for one account, but you use the password for multiple accounts… and you had better believe that the hacker will try this password in more than one place. With your email and address this attacker could gain access to all the accounts you use that password for.

In 2020 65% of people reported that they use the same password for multiple accounts, and worse 95% of people admit they know this is bad practice and 59% of them do it anyway.

  • When updating your passwords, completely change them.

49% of employees admitted that when they update their passwords, they usually just add one character to it.

This is bad practice. The idea of resetting your password is to prevent attackers from easily hacking your account. If you are only adding one additional character then you run the risk of having an easily hacked account.

  • Use a password keeper from a trusted source to manage your passwords

If you are using multiple accounts and are required to log into many different tools daily, then a password keeper may be a great solution for you. These are designed to help you log into your accounts more quickly and without needing to remember every random password you set up. I know many people use the password keepers that are built into many of the popular browsers people use, but I would consider having a back-up option to that. If you are looking for a tool like this feel free to reach out to our team at

In summary, hackers are hoping that people continue to make these basic mistakes when setting up their passwords because frankly it makes their job much easier. Although we all understand the appeal of having a convenient, easy to remember password, the cost simply isn’t worth it. Be sure to set up strong passwords and to keep password protection at top of mind every time you are working with critical business data.