A little background and more context about this trivia
Unfortunately, but not surprisingly, people in general tend to be careless when it comes to computer security, especially regarding passwords. Pin it on laziness, difficulty remembering complex strings, or simply not caring. Whatever the reason, year after year the most commonly used passwords are also the worst from a security standpoint.
Despite all warnings against using poor passwords, the most popular one continues to be "123456." This trend has been observed in various surveys conducted as far back as 2016 and as recently as 2023.
The top 50 passwords have barely changed over the last few years, reflecting a persistent lack of awareness or adherence to password security best practices. Consecutive strings of numbers seem to be people's choice. Selections like "123" (8th), "1234" (5th), "12345" (6th), "123456" (1st), "12345678" (3rd), "123456789" (4th), and "1234567890" (10th) dominate the top 10. Of course, to satisfy your work's IT admin and fulfill his dumb rules of having a password of at least eight characters containing a minimum of one capital letter, one lowercase letter, and one numeral, you can always use "Aa123456" (9th).
A closer look at the 2023 edition of the "Top 200 Most Common Passwords" report shows that very few of the entries are secure. The top 10 can all be cracked in under a second using simple brute-force tools... and the vast majority of the rest are no better.
Only a handful would give a hacker a problem for more than a second, and only one – "theworldinyourhand" – is virtually uncrackable. It is the 173rd most common password and would take centuries to guess using brute force.
The word "password" comes in at number seven, and since credentials are case-sensitive, "Password" with a capital "P" just missed the top 10, ranking 15th. The lowercase version has appeared in the top 10 since 2020 and took first place in 2022.
The second most common password in 2023 was "admin," with the most recent list bringing a few somewhat unexpected examples. Just missing the top 10 at number 11 is "UNKNOWN." While still not very secure, it takes about 11 minutes to brute force, which is 11 minutes more than most of the list.
Needless to say, there are no valid excuses for poor password choices when so many easy-to-use credential managers are available. Among those we can recommend are 1Password, NordPass, and KeePass.
A password manager is recommended for generating and storing complex passwords, together with two-factor authentication (2FA), especially for banking and other types of sensitive credentials. These tools will significantly reduce the likelihood of breaches caused by easily guessable passwords.
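As an added example (not part of the original article), here is a password-acceptance check showing that the composition rule quoted above passes "Aa123456", while a blocklist built from the passwords the article names rejects it. The function names, the blocklist contents and the ASCII-only keyspace estimate are assumptions made for illustration.

```python
import string

# Constructed blocklist: only the passwords the article quotes from the 2023
# list. A real deployment would load a full breached-password corpus.
COMMON_PASSWORDS = {
    "123", "1234", "12345", "123456", "12345678", "123456789", "1234567890",
    "Aa123456", "password", "Password", "admin", "UNKNOWN", "theworldinyourhand",
}
_BLOCKLIST = {p.casefold() for p in COMMON_PASSWORDS}
CHARSETS = (string.ascii_lowercase, string.ascii_uppercase,
            string.digits, string.punctuation)


def meets_composition_rule(pw: str) -> bool:
    """The rule quoted in the article: 8+ chars with upper, lower and digit."""
    return (len(pw) >= 8
            and any(c.isupper() for c in pw)
            and any(c.islower() for c in pw)
            and any(c.isdigit() for c in pw))


def is_blocklisted(pw: str) -> bool:
    """Case-insensitive match, so 'PASSWORD' is caught along with 'password'."""
    return pw.casefold() in _BLOCKLIST


def brute_force_keyspace(pw: str) -> int:
    """Candidates an exhaustive search covers up to this length, drawing only
    on the ASCII character classes the password itself uses (an assumption)."""
    pool = sum(len(cs) for cs in CHARSETS if any(c in cs for c in pw))
    return sum(pool ** n for n in range(1, len(pw) + 1))


def accept(pw: str, min_length: int = 8) -> tuple[bool, str]:
    """Length plus blocklist check; the composition rule is not consulted."""
    if len(pw) < min_length:
        return False, "too short"
    if is_blocklisted(pw):
        return False, "on common-password list"
    return True, "ok"


if __name__ == "__main__":
    # 'theworldinyourhand' has a huge keyspace but is rejected: it is listed.
    for pw in ("123456", "Aa123456", "UNKNOWN", "theworldinyourhand"):
        print(f"{pw!r:22} rule={meets_composition_rule(pw)!s:5} "
              f"accept={accept(pw)} keyspace={brute_force_keyspace(pw):.2e}")
```

The keyspace figure is a count of candidates, not a cracking time; turning it into a duration requires assuming a guess rate, which the article does not state.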