Chances are your passwords are absolutely terrible

passwords
(Image credit: Shutterstock / vladwel)

Coming up with strong and unique passwords for all of your online accounts can be difficult which is why many users have turned to using a password manager to store their passwords.

Unfortunately though, many users are still using insecure passwords for their online accounts and new research from NordPass has highlighted the most common passwords of 2020. 

At the top of the list is “123456” and while this password can be cracked in less than a minute using a password recovery solution, 2.5m users are still using it. The second worst password this year adds a few more numbers with “123456789” but it is still just as easy to crack and used by close to a million users. The number three password on NordPass's list of the most common 200 passwords of 2020 is “picture1” and despite being a new entry on he list, it takes just three hours to crack. Filling out the rest of the spots in the top 10 worst passwords of the year are “12345678”, “1111111”, “123123”, “12345”, “1234567890” and another new entry “senha”.

According to NordPass, the majority of people use simple and easy-to-remember passwords because it's convenient. However, the problem is that most memorable passwords are highly vulnerable to cracking. When it came to the categories used to create passwords, NordPass found that users typically base their passwords around numbers, QWERTY, swear words, devices, passwords, names, entertainment, sports, positive words, random letters and food.

Creating strong passwords

The first step to creating your own strong passwords is knowing what to avoid when doing so. 

NordPass recommends that users avoid using dictionary words, number combinations, repetitive characters or strings of adjacent keyboard combinations. It's especially important that users refrain from choosing passwords based on personal details that may not be completely confidential such as their name, phone number or birth date as much of this information is publicly available.

To create strong passwords for each of your accounts, they should be up to 12 characters long and include a mix of upper and lower case letters, numbers and symbols. Users should also change their passwords at least every 90 days.

If you're having difficulties creating a strong and unique password for each of your online accounts, you can always use a password generator though many of today's best password managers have one already built in.

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.