The list of the most commonly hacked passwords of 2020 is out. And it looks like a lot of folks — and their companies — are vulnerable. NordPass just released its list of the Top 200 passwords of the year for 2020. Check out what made it to the top of the list:

Top Passwords Time to Crack it
1.) 123456 Less than a second
2.) 123456789 Less than a second
3.) picture1 (New) Three hours
4.) password Less than a second
5.) 12345678 Less than a second
6.) 111111 Less than a second
7.) 123123 Less than a second
8.) 12345 Less than a second
9.) 1234567890 Less than a second
10.) Senha (New) Ten seconds


The majority of these we’ve seen before in the past, however, there are two new entries that made the top 10 list you may want to urge your staffers not to use. The was first was “picture1” which gets cracked in three hours, and the second was “senha”, the Spanish word for password, which takes only slightly longer than its English counterpart to crack at 10 seconds.

Research by NordPass confirms what we know: people use simple, easy-to-remember passwords because it’s convenient. The most memorable passwords are also the ones highly vulnerable to cracking, the research shows.

The list of passwords was compiled in partnership with a third-party company specializing in data breach research. They evaluated a database that contained 275,699,516 passwords in total.

What should you avoid when creating a password?

Avoid using dictionary words, number combinations, or strings of adjacent keyboard combinations. For instance, “password”, “qwerty”, or “123456.” Also, refrain from repetitive characters, such as “aaaa” or “123abc”, and under no circumstances choose passwords based on personal details that might not be completely confidential, such as your phone number, birth date, or name.

Remember: Your attacker isn’t some guy in a ski mask trying to guess your password one try at a time. It’s a program that automatically runs through massive databases of common passwords or random combinations of characters. The best thing you can do when creating a password is to 1.) make it long (at least seven characters, both upper case and lower case and 2.) make it random (avoid plain, dictionary words).

To read the complete list of passwords, click here.

To see courses available in Quest CE’s cybersecurity catalog, click here.