Top 10 most common passwords used in the U.S. in 2022guest, 123456, password, 12345, a1b2c3, 123456789, Password1, 1234, abc123, 12345678
How do we know this?
Each year NordPass compiles the list in partnership with researchers specializing in the investigation of cybersecurity incidents. (Visit NordPass to see an expanded list by country.)
Cybercriminals know people use these simple passwords. They also know people reuse the same password for most of their online accounts. If you do this, and the one password is stolen because of a compromise, it can be used to gain access to all your accounts.
Passwords: the first line of defense against cybercriminals and data incidents
Building strong secure passwords and keeping them private are crucial to securing your personal information and other information you might handle at work.
- Go beyond the minimum requirements set by your campus if you can. The US Department of Defense requires a minimum of 15 characters in a password, which is a good rule to follow.
- You can make a password that appears random by making up a passphrase that means something to you, and only using the first letter of each word. For example, the phrase “My first job in 94 was delivering pizzas!” could become the secure password “M1stji94wdP!” Or choose some numbers, letters, and symbols and invent a mnemonic based on what you chose.
- Use two-factor or multifactor authentication whenever it’s available to help prevent unauthorized access to your devices and accounts (e.g., a unique one-time code sent to your phone or mobile device).
- Keep your password to yourself, and don’t create opportunities for someone else to steal your information:
- Don’t tell other people your password.
- Don’t write your password down.
- Don’t allow your browser to save your credentials or automatically fill your credentials for you. If you can log in automatically, so can anyone else with your device.
Visit your IT department's website for campus-specific guidance.
- Take the Password Test: Are your passwords strong enough to withstand an attempted compromise?
- Five Reasons to Avoid Password Reuse