Study reveals shocking list of the most common corporate passwords

An analysis of password habits by cybersecurity firms NordPass and  NordStellar found that “123456” is the most commonly used password in the world, despite taking hackers less than a second to crack. Further, it's been the most common password for five out of the last six years, losing only once to “password”—which, in 2024, ranked fifth.

“After analyzing 6 years' worth of data, we can say there hasn't been much improvement in people's password habits. So, despite many organizations' efforts to spread awareness, the problem is still as prevalent as ever,” the report reads. 

For their new report, “Top 200 Most Common Passwords,” NordPass and NordSteallar examined more than 2.5TB of login credentials, including information leaked on the dark web from various network breaches. Their analysis included passwords used both at home and in corporate settings; however, the distinction between the two was, alarmingly, minimal. 

“If you check out the top 10 most common personal passwords and compare them to the corporate list, you’ll notice they’re nearly identical. This highlights that people tend to rely on the same weak passwords for both their personal and work lives,” the authors wrote.

The top 20 most common passwords used in a corporate setting are:

  1. 123456
  2. 123456789
  3. 12345678
  4. secret
  5. password
  6. qwerty123
  7. qwerty1
  8. 111111
  9. 123123
  10.  1234567890
  11. qwerty
  12. 1234567
  13. 11111111
  14. abc123
  15. iloveyou
  16. 123123123
  17. 000000
  18. 00000000
  19. a123456
  20. password1

All 20 are easily crackable, taking a hacker less than a second to bypass, the report said. 

Time for a cybersecurity audit

The full report can be broken down to individually view the top passwords in 44 countries. No country performed particularly well, meaning that cybersecurity hygiene is a global problem. Further, the list barely changes from year to year, signaling that companies neglect password audits—at least, until they suffer a data breach.

Compromised logins can lead to a massive data leak or ransomware attack. For example, the breach of Change Healthcare’s network occurred because phished credentials were used to login to a server that lacked multifactor authentication. That cyberattack impacted 100 million people. 

Regardless of the industry, NordPass and NordStellar recommend organizations and individuals “regularly check the health” of passwords to ensure they’re using secure credentials. 

“Your password should be at least 20 characters long and include a mix of uppercase and lowercase letters, numbers and special symbols. Steer clear of easily guessable information like birthdays, names or common words,” they noted.

The full analysis can be found here.

Chad Van Alstin Health Imaging Health Exec

Chad is an award-winning writer and editor with over 15 years of experience working in media. He has a decade-long professional background in healthcare, working as a writer and in public relations.

Around the web

The tirzepatide shortage that first began in 2022 has been resolved. Drug companies distributing compounded versions of the popular drug now have two to three more months to distribute their remaining supply.

The 24 members of the House Task Force on AI—12 reps from each party—have posted a 253-page report detailing their bipartisan vision for encouraging innovation while minimizing risks. 

Merck sent Hansoh Pharma, a Chinese biopharmaceutical company, an upfront payment of $112 million to license a new investigational GLP-1 receptor agonist. There could be many more payments to come if certain milestones are met.