We’ve said it before, and we’ll say it again. And again. And again. Passwords are important. But this message still fails to reach millions of people who pick “12345” as their password.

Independent researchers, who requested to stay anonymous, compiled and shared a list of the200 most popular passwords that were leaked in data breaches just this year. The database is quite impressive — 500 million passwords in total. And if you think that’s a lot of leaked passwords, we have some bad news for you — it’s just the tip of the iceberg.

2019 saw a lot of data breaches that affected billions of internet users. Collections 1-5 alone contained almost 3 billion accounts. With data breaches becoming so commonplace, internet users need to step up their cybersecurity game.

Sports, women’s names, and food

The most popular passwords contain all the obvious and easy to guess number combinations (12345, 111111, 123321), popular female names (Nicole, Jessica, Hannah), and just strings of letters forming a horizontal or vertical line on a QWERTY keyboard (asdfghjkl, qazwsx, 1qaz2wsx, etc.). Surprisingly, the most obvious one — “password” — remains very popular; 830,846 people still use it.

Why has nothing changed?

Year after year, we see the same passwords at the top of the “worst passwords” list. Why do people keep on using them?

The first reason is that they are easier to remember. Simple as that — most people prefer to use weak passwords rather than strain themselves by trying to remember long, complex ones. Unfortunately, it also means they use the same one for all their accounts. And if one of them ends up in a breach, all other accounts are automatically compromised too.

Second — they think they have nothing to hide. However, you lock your door when you leave the house. Even if there’s nothing valuable inside, you still wouldn’t like strangers going through your personal belongings. So why not apply the same logic to your online life?

You might not have anything to hide, but what if you end up locked out of all your accounts — email, the file storage where you keep all your photos, social media, etc.? Imagine having to pay thousands of dollars in ransom to regain access. A weak password is a disaster waiting to happen, so take action to stop it before it’s too late.

The solution

You can easily avoid these problems by maintaining good password hygiene.

1. Go over all the accounts you have and delete the ones you no longer use. If a small, obscure website ends up breached, you might never even hear about it. You can use haveibeenpawned.com to check if your email was ever in a breach.


2. Update all your passwords and use unique, complicated ones to safeguard your accounts. Employ our password generator below to make sure they are impossible to guess.
   
   Below is an auto generated password using 16 characters.
   daM9Bf+TEBd71ZcU
   
   Copy and paste into the password checker below and see how long it would take to crack the password. In this case “size does matter.”



3. Use multi-factor authenication if you can. Whether it’s an app, biometric data, or hardware security key, your accounts will be much safer when you add that extra layer of protection.


4. Set up a password manager. Password managers are easy to use, usually syncing across all our devices, and you won’t have to worry about your passwords ending up in the wrong hands. You will only need to remember one master password and forget about the rest. Password managers will do the work for you.


5. Make sure to check your every account for suspicious activities regularly. If you notice something unusual, change your password immediately.

Data is getting more and more valuable. So as breaches continue to happen, users need to protect their data themselves. So, all the Michelles from Liverpool who like sunshine and dragons, please change your passwords right now.