Most Commonly Hacked Passwords and How to Create a Better One

Hacked Password
Share on facebook
Share on twitter
Share on linkedin
Share on facebook

The Password Hall of Shame (And 10 Tips for Better Password Security)

Welcome back to AllTop9! Today, we’re going to give you some tips that can boost your password strength and stop hackers from breaking into your account – ever again.

If you’re an internet user (obviously you must be since you’re reading this article!), chances are you’ve had a run-in or two with a hacker or data breach. That’s unfortunately become so commonplace that an estimated 6.85 million passwords are cracked each day. That amounts to over 2.5 billion passwords in a year!

A weak password can cause all your account data to be stolen by predatory entities looking to use your information and possibly even sell it. This can be a nightmare for people who use passwords that are shorter, previously used, or even containing common words or numbers.

Gone are the days where a four-to-six digit password will cut it – now, hackers and password cracking software are able to crack those in just minutes, given the right circumstances.

We’re not going to let this happen to you. We want you to know what constitutes a bad password, what are the most commonly guessed passwords, and how to create one that will keep your accounts safe.

Check out our list of most common passwords and some resources to secure your data.

Most Common Passwords – Latest 2021 Statistics 

most hacked passwords

List of most common passwords in 2021:


You might have been able to predict that most of these would be simple number sequences. They’re easy to remember, fit the character requirements (usually to the exact character minimum), but most of all, they’re lazily created and, fittingly, the most easily guessed passwords.

Most popular years used in passwords

An incredibly common move is to use a specific year in a password. Much of the time, the year used is the birth year of the user or a loved one. Also common is using the year in which the account was created, or maybe the year of a special event. Let’s take a look at the 10 most common years used in passwords.

List of most common password years:


These are all years you should avoid putting in your password. In fact, you should generally avoid years altogether as a rule of thumb – some software knows to check for these number combinations before others, maybe making password cracking easier!

The internet’s favorite name as a password

The next easy giveaway for a password is putting a name in there. Any name, even if it’s not your own, is going to be quicker to guess than a password sans any type of regular word. Names are included in this.

Here are some of the top names used in passwords in 2021:


Even if your name is not on this list – don’t put it in your password! Just like with years, names are some of the most commonly guessed passwords, even if they’re paired with a number sequence.

And to all the Eva’s of the internet world, did you all coordinate? 🙂

The world’s favorite sports team – and sport used in creating passwords

Another super common component of all the world’s passwords includes a reference to either a favorite sports team or a specific player. We get it, your idols are your idols and they’ll be easier to remember than a jumble of special characters and numbers.

But, they’re also overused as passwords and therefore easy to guess. Below are the top sports team references used in passwords.

List of most common passwords related to sports:


Looking especially at you, NBA fans! Pro-tip though: if you’re going to use a sports reference, adding just a few special characters can make your password much harder to guess.

The internet’s favorite curse word as a password

Now for a fun one! If you’ve spent any time at all on internet forums or chat rooms, you won’t be surprised to learn that curse words are an ever-popular ingredient for a weak password.

While it’s fun to have a tongue-in-cheek component to your password, unfortunately being edgy has its drawbacks. Curse words are so commonly used that they’re now another quick-guess category.

So, make sure you’re not using dirty terms in your passwords, and especially not these top 10:

Too raunchy to be included 🙂

The world’s most common city used in passwords

One of the biggest no-no’s of creating a strong password is to include your city or even a reference to it. For example, including Chicago or Chitown are surefire ways to put your password up at risk.

Putting the name of a city unrelated to you might seem innocent, but the reality is that any real word, including a proper noun, is among the first components to be cracked by a person or software program.

In general, refrain from any references to cities or areas that might reveal personal information about yourself as well.

Now, let’s take a look at a list of the most common passwords (or keywords within them) with city references:

Abu (as in Abu Dhabi)
Hong (as in Hong Kong)
Antonio (as in San Antonio)

The top months, days, and seasons

And now we have another popular style of password: the seasons or months. Almost everyone has a favorite season or time of year, so it’s no question that it might make its way into a password here and there. Easy to remember and brings a smile, but unfortunately, a month, day, or season is something hackers know how to guess.

After all, there are only twelve months and four seasons, so that’s much easier to crack than a random word or letter combination.

List of most common passwords when it comes to months:


List of most common passwords when it comes to weekdays:


List of most common passwords when it comes to seasons:


The best food for passwords

What else is a common component of passwords in 2021? Food! We all love food and must have a favorite, and turns out many people take this love of food into their creative password-making process.

While there are more food options than, say, days of the week, they’re still complete words most of the time and therefore easy to guess. But what are internet users’ favorite foods to include in their passcodes? Let’s find out.

List of most common foods found in passwords in 2021:


Tips for managing passwords

Password management

Right now, you already know the most common components of passwords in 2021, but where to go from here? You might be wondering how to increase your password security and browse more safely on the internet.

Below are some concrete tips for creating a better password to secure your data.

Require the use of a password manager

One of the best things you can do is use a password manager. People make weak passwords that are easily guessable because they’re easy to remember – but what if you didn’t even need to remember them?

A password manager can be a physical tool you can plug into your computer or even a browser extension. This manager will create crazily complex passwords for your accounts that will autofill each time so you don’t have to retype them.

All you’ll need is one password to remember that unlocks the tool for you, and then you’re good to go!

Require the use of multifactor authentication (MFA)

The next tip we have is to enable multi-factor authentication where applicable. Many sites nowadays will offer you this option. Most of the time, they’ll ask you for a backup email or phone number they can use in tandem with the password you create.

Anyone can type in your username and password, but only you (hopefully) have access to your phone and email. If you confirm your identity through one of these extra authentication methods, you can get a whole new layer of protection. Say goodbye to nefarious login attempts from halfway across the country!

Don’t let users create passwords with dictionary words

Too many people nowadays are creating passwords with real words in them. If you’ve gathered anything from our lists above, the most commonly guessed passwords almost always have a simple word or number combo in them.

Avoiding using real dictionary words in your passwords will force you to be more creative, exercise your memory, and secure your account better. Software and talented hackers can’t crack a password like “3Y58hqJ2!” like they can “love123.”

So, whether you’re a user or a provider of an online account service, either don’t use or prevent the use of real words. It’s easy and goes a long way for security!

Length matters and phrases are longer than words

When it comes to passwords, size matters – a lot. The easiest passwords to guess usually include a single word within them. If you simply must use a phrase with dictionary words so you can remember, pay attention to creating a longer password.

It’ll take much longer to figure out a password that contains a unique phrase instead of a four or five-letter word. If you can, maybe insert different numbers or special characters in between the letters in the phrase.

For example, if you want your password to be something along the lines of “hardpassword,” try “ha1rd2pass3word!” instead. The second option could take years to crack with software as opposed to minutes!

Steer users away from passwords that include information about them

For those offering accounts and looking to make their password requirements a little bit more advanced, you could implement a requirement that users don’t use any location- or name-specific passwords.

An example is if someone named John Doe is making an account in Montana, make sure that their password doesn’t contain anything similar to their first name, last name, nor city/state.

Going for this extra step can eliminate the possibility that their password will be cracked, but also that they’ll be put at increased risk should a data breach occur.

Educate users on what makes a strong password

Another thing website developers and businesses should take into account is that many users won’t read articles like this or do much research on cybersecurity. Therefore, it can be a great idea to include some easily digestible information about password quality right on the signup screen.

If a user creates a password that is too weak, tell them why. Before validating their password, make sure it meets the requirements, but if it doesn’t definitely outline how they can make it better.

The best password requirements right now are a length of 8 characters or more, consisting of mixed-case letters, numbers, and special characters.

Regularly perform password audits

This tip can go for both account providers and users themselves.

For account providers, the best time to conduct a password audit is when new research comes out about how to make passwords better. The space is constantly developing, so when new info comes out, tell your users about it and suggest they improve their passwords!

On the user side, if you know certain accounts have weak passwords, go ahead and change them whenever you can. Luckily, nowadays browsers like Chrome will actually help you out with this. Chrome stores some passwords in autofill when you let it, and it can tell you when they’ve been breached or whether they are at risk.

Delete the accounts you no longer use

We all have accounts we set up in order to get a free trial on something, get a discount, or maybe just for a game site that has since gone defunct. When you don’t use an account anymore, there’s no reason for you to keep the password there!

Even accounts that may seem simple still store data that you definitely don’t want getting out there. So, if you remember where they are, go to the sites and close the accounts manually.

If you’re not even sure where you have ghost accounts, there are online services where if you enter your email, they’ll tell you everywhere that you have an account registered with it! Super helpful in this day and age where account amount is the main way a company predicts its success.

Try password salting

To help your users secure their data even better, you can actually use something called password salting to add an extra layer of protection. Basically, when a user submits a new password, before you store it in the system your software can add a string of random characters to the beginning.

That way, it’s even harder for malicious users of software tools to crack the passcodes. In your system, they’re basically encrypted with astronomical security if you salt.

This is more complicated if you’re not on the development side of things, so only do so if you know how to implement it. Otherwise, simply providing your users with the tools they need to secure their accounts will do wonders for a reputation.