Common passwords

Most common passwords of 2022

NordPass recently published its annual list of the top 200 most common passwords in the world, and the top result is no surprise to anyone.

The most-used password of the year in 2022 was:


“password” retook the top spot for the first time in a few years, after the pleasing (but very insecure) “123456” had previously knocked it off the podium.

The rest of the top 10 are equally as simple and formulaic (and no, we don’t know what col123456 means either):

A graphic showing the top ten most used passwords globally. 1. password (4,929,113 uses) 2. 123456 (1,523,537 uses) 3. 123456789 (413,056 uses) 4. guest (376,417 uses) 5. qwerty (309,679 uses) 6. 12345678 (284,946 uses) 7. 111111 (229,047 uses) 8. 12345 (188,602 uses) 9. col123456 (140,505 uses) 10. 123123 (127,762 uses)

The fact that “guest” is on this list is particularly interesting, as it has not featured in the top 200 in the last three years. Many user accounts are set up with default logins and passwords, and “guest” is a very common choice.

Failing to change your password from the default options puts your account at risk of breach, as default passwords are options very basic and easy for a hacker to break. This forms part of the Cyber Essentials certification, which is a set of requirements an organisation can put in place which will protect them from basic cyber attacks (which can be up to 80%).


NordPass trawled through 3TB of data alongside independent cybersecurity researchers to compile this list, and there are some interesting quirks and patterns hidden inside. For instance, if you’re looking for a nice, friendly country to emigrate to, the 4th most popular password in Sweden is “love”, and “iloveyou” came 8th in the Philippines. In the USA, Michael Jordan’s fame seems to have transcended his sport, as “jordan23” (4,979) was used more often than “basketball” (4,081).


In the UK, the most common password list also takes a more sporting turn, with football clubs like “liverpool” and “arsenal” popping up in the top ten:

What if my password is on the list?


If some of your passwords are on the list, we recommend that you change them as soon as possible. The same-old lessons about password strength still hold true today. Always try to make them longer, more complex, and never reuse a password for different accounts. However, the strongest password strategy means you only have to create and remember a single password yourself.


Password managers like NordPass and LastPass are currently the best way to secure your logins and avoid the fatal errors on display in these lists. They can automatically create long, complex, and randomised passwords that would take a computer years to break. They will then store those passwords for you in a secure place so that you don’t have to remember and reuse any passwords. The only password you ever need to create yourself is the one to your password manager account. However, this password has to be very strong to avoid any leaks.


A solid password strategy is key to your cybersecurity, both for you personally and for your organisation, and means you are already on the path to the Cyber Essentials certification. For more information on Cyber Essentials and its potential benefits for your business, contact OmniCyber Security’s expert team today. 

Contact us..

Related Articles