As we bid farewell to 2024, it’s time for our annual moment of password-related guilt. You know the feeling – that slight twinge of shame when you type in that oh-so-simple password, all while imagining your IT department’s collective sigh of disappointment. The recently released 6th edition of NordPass’s “Top 200 Most Common Passwords” study confirms what security experts have been warning us about for years: we’re still creatures of habit when it comes to digital security.

In a twist that surprises absolutely no one, the ever-popular “123456” has maintained its reign as the most commonly used password across both personal and professional accounts. As millions of users continue to choose convenience over security, let’s take a closer look at the top offenders of 2024 that hackers can crack faster than you can say ‘password reset.’

| Rank | Top Passwords | Time to Crack It |
|------|---------------|------------------|
| 1 | 123456 | Less than a second |
| 2 | 123456789 | Less than a second |
| 3 | 12345678 | Less than a second |
| 4 | secret | Less than a second |
| 5 | password | Less than a second |
| 6 | qwerty123 | Less than a second |
| 7 | qwerty1 | Less than a second |
| 8 | 111111 | Less than a second |
| 9 | 123123 | Less than a second |
| 10 | 1234567890 | Less than a second |

Breaking Bad Password Habits

Research by NordPass confirms what cybersecurity experts have long observed: the human preference for convenience often trumps security when it comes to password creation. While easily memorable passwords might save us a few seconds during login, they’re precisely the ones most vulnerable to breaching attempts.

Strong password security starts with length – experts recommend at least 20 characters combining uppercase and lowercase letters, numbers, and special symbols. Additionally, each of your accounts deserves its own unique password, as password reuse across multiple platforms can create a dangerous domino effect if one account is compromised. Rather than trying to memorize dozens of complex passwords, consider using a password manager to generate and securely store strong, unique credentials for all your accounts. Regular password audits are also crucial – reviewing and updating any weak, outdated, or reused passwords can significantly strengthen your digital security posture.

For Compliance Teams: Making Password Security Stick

As compliance officers, you’re on the front lines of password security. Here’s how to make it work:

  1. Run quarterly password audits – catch weak passwords before hackers do
  2. Make password managers mandatory – not optional
  3. Share real breach stories in your training – nothing motivates like real consequences
  4. Keep your password policy simple: 20+ characters, unique per account, change if compromised
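
A password audit along the lines of the policy above can be scripted. The following Python sketch is an added example, not part of the NordPass study or Quest CE material: it checks a password-manager export against the ten passwords listed earlier, the 20-character minimum, the four character classes, and reuse across accounts. The export format (account name mapped to password) and the sample accounts are assumptions made for illustration.

```python
import string

# The ten passwords from the article's table; MIN_LENGTH is its 20-character rule.
COMMON = {"123456", "123456789", "12345678", "secret", "password",
          "qwerty123", "qwerty1", "111111", "123123", "1234567890"}
MIN_LENGTH = 20


def audit(vault):
    """Return {account: [findings]}; passwords themselves never enter the report."""
    # Group accounts by password so reuse can be reported per account.
    by_password = {}
    for account, pw in vault.items():
        by_password.setdefault(pw, []).append(account)

    report = {}
    for account, pw in vault.items():
        findings = []
        if pw.lower() in COMMON:
            findings.append("common password")
        if len(pw) < MIN_LENGTH:
            findings.append(f"shorter than {MIN_LENGTH} characters")
        classes = {
            "uppercase": any(c.isupper() for c in pw),
            "lowercase": any(c.islower() for c in pw),
            "number": any(c.isdigit() for c in pw),
            "symbol": any(c in string.punctuation for c in pw),
        }
        missing = [name for name, present in classes.items() if not present]
        if missing:
            findings.append("missing " + ", ".join(missing))
        shared = sorted(a for a in by_password[pw] if a != account)
        if shared:
            findings.append("reused on " + ", ".join(shared))
        if findings:
            report[account] = findings
    return report


# Constructed sample export (hypothetical accounts and passwords).
SAMPLE_VAULT = {
    "payroll": "123456",
    "crm": "Sunny-Harbor-Walk-2024!!",
    "email": "Sunny-Harbor-Walk-2024!!",
    "vpn": "Tr4il-Mix&Lantern-Quartz!92",
}

if __name__ == "__main__":
    for account, findings in audit(SAMPLE_VAULT).items():
        print(f"{account}: {'; '.join(findings)}")
```

Run it locally against the export and delete the export afterwards; the report lists account names and findings only.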

Remember: Your reps will follow your lead. Make password security a regular part of the conversation, not just another checkbox.
