Security awareness

Breached passwords: The most frequently used and compromised passwords of the year

September 29, 2020 by Christine McKenzie

Passwords should be secret, so why do so many people wind up using the same popular passwords? The truth is, no one sets out to choose a password that is dangerously common or insecure. Instead, they most likely don’t realize the risk of using a common password or don’t know how to create — and protect — a strong password. 

But before users learn how to make a strong password, they should know what makes a password weak. Only then will they understand how to avoid the common security pitfalls that lead to leaked passwords and breached accounts. 

Let’s take a look at some of the most common (i.e., least secure) passwords and how to determine if yours was breached.

What are the most commonly breached passwords of 2020?

We’re taught to choose passwords that are obscure and hard to crack, which is why it may come as a surprise that many people use the same popular passwords. And in the world of cybersecurity, popular means insecure. Here are some of the most popular passwords of 2020: 

  1. 123456
  2. 123456789
  3. qwerty
  4. password
  5. 1234567
  6. 12345678
  7. 12345
  8. iloveyou
  9. 111111
  10. 123123

As you can tell, there is a method to the madness behind lazy passwords. Strings of sequential numbers and simple phrases like “iloveyou” and “password” top the list. 

Has your password been breached? Find out on Have I Been Pwned

There’s an easy way to find out if your password was hacked: look it up on Have I Been Pwned. Start by simply typing your password into this user-friendly site. Next, Have I Been Pwned will scour its database of breached passwords to see if yours appears in the hoard of stolen log-in credentials. 

To date, Have I Been Pwned has information on 10,093,204,490 “pwned accounts” from 457 breached websites. It’s up to date on major hacks on websites like MySpace, LiveJournal, Comcast and more — you can view the full list of breached websites here.

How to protect yourself from a password breach

If all this talk of hacked passwords has you down, you can rest assured that there are steps you can take to protect yourself from would-be hackers. 

Create a unique password: Don’t use one of the passwords included on this list. Instead, choose something unique and, ideally, something that isn’t well-known about you. Persistent hackers aren’t above combing your social media profiles for tidbits of information that people commonly use in their passwords, like their birthday, dog’s name or favorite vacation spot. 

Never reuse passwords: When you use the same password for all of your accounts, a hacker only needs to stumble upon a single instance of that password in order to access a multitude of accounts. 

Use a password manager: You can seriously step up your password protection game by investing in a password manager. A password manager is a program that generates complex, lengthy passwords. Plus, it even stores them so you don’t have to memorize a 50-character string of random numbers and letters. Popular password managers include Dashlane, LastPass and 1Password.

Enable two-factor authentication: Every additional layer of security you add to your account is like an extra wall that an intruder has to climb over. Two-factor authentication is a security feature that loops in your cell phone. After you enter your password, but before you’re granted access to the account, you’ll receive a security code via text. Only someone who has access to your phone can cross the final threshold into your account. 

Conclusion: What’s a hacker’s worst nightmare? Educated end users

It’s easy for hackers to sweep in and steal passwords from thousands of unsuspecting people. But when those end users know how to keep their accounts protected with strong passwords and password managers, a hacker’s job becomes infinitely harder. With the right education and tools, you can keep your data out of the hands of cybercriminals and your password off the list of most frequently breached passwords. 

Christine McKenzie

Christine McKenzie is a professional writer with a Master of Science in International Relations. She enjoys writing about career and professional development topics in the Information Security discipline. She has also produced academic research about the influence of disruptive Information and Communication Technologies on human rights in China. Previously, she was a university Career Advisor where she worked extensively with students in the Information Technology and Computer Programming fields.