The NordPass team, together with information security researchers, identified the 20 passwords people used most often in 2023. The list was published on the company’s official site as part of a broader look at password habits and security risks. Audience members can gain practical insight into how weak choices leave accounts exposed and what best practices help prevent breaches. (attribution: NordPass 2023 report)
At the very top of the rankings is a sequence of digits: 1, 2, 3, 4, 5, 6. This pathetically common pattern appeared in the NordPass data 4,524,867 times in 2023. Modern brute force tools can crack such numeric strings in roughly a second, underscoring how quickly even simple guesses become dangerous. The runner-up, a familiar default choice, is the word admin, seen 4,008,850 times, with an average crack time around one second. A familiar bronze medal goes to 12345678, appearing 1,371,152 times, again with a one-second crack window. Other frequent early entries include 123456789 and 1234, recorded 1,213,047 and 969,811 times respectively, each vulnerable to rapid guessing. (attribution: NordPass 2023 report)
Beyond the top tier, several additional common passwords show up in the data. Examples include 12345 (728,414 uses), password (710,321 uses), 123 (528,086 uses), Aa123456 (319,725 uses), 1234567890 (302,709 uses), and UNKNOWN (240,377 uses). The list also features 1234567, 123123, 111111, Password, 12345678910, 000000, admin123, ****, and user, with usage counts ranging from the high hundreds of thousands to well over a hundred thousand. These patterns reveal a tendency to rely on predictable sequences, familiar terms, and numeric runs rather than unique phrases or complex combinations. (attribution: NordPass 2023 report)
The study notes that nearly all combination attempts can be compromised by automated cracking methods within seconds, except for two notable outliers: admin123 and UNKNOWN. In these cases, breaking times extended to about 11 seconds and 17 minutes, respectively, illustrating how longer or less common patterns still face risk but may offer temporary resilience against rapid attacks. The overarching message remains clear: weak passwords provide open doors. (attribution: NordPass 2023 report)
What does this mean for users and organizations today? First, it highlights the critical need for strong, unique credentials across services. Relying on easy patterns or common words dramatically increases exposure to credential-st stuffing and brute-force attacks. Second, it underscores the value of password managers, which encourage the creation and use of long, random strings that are hard to guess but easy to access for authorized users. Third, it emphasizes the importance of enabling multifactor authentication wherever possible, so that even if a password is compromised, an extra barrier protects access. (attribution: NordPass 2023 report)
Security teams and individuals should also consider adopting firm password hygiene: regular audits of existing passwords, a policy that discourages reuse across sites, and a rotation schedule that balances security with user practicality. Training and awareness efforts can help reduce the appeal of predictable sequences, nudging people toward healthier habits in a world where data breaches are increasingly common. (attribution: NordPass 2023 report)
In short, the password landscape of 2023 reflects a persistent gap between what people choose and what modern defenses require. The takeaway is straightforward: opt for strength over familiarity, leverage a password manager, and turn on multifactor authentication to close the door on attackers who still treat login pages like open invitations. (attribution: NordPass 2023 report)
Russians beforehand warned about a new fraud scheme concerning a popular subscription platform. The warning underscores the broader need to stay vigilant against phishing, credential stuffing, and social engineering attacks that target weak or reused passwords. Keeping credentials private and updating security practices remains a practical defense against evolving online threats. (attribution: NordPass 2023 report)