“123456” topped the list of most used passwords in 2024 published by NordPass. This confirms that global technology has a big problem and that the implementation of alternative methods of digital security needs to be accelerated.

The NordPass password manager has released its sixth edition Top 200 most common passwords. The annual list, now a classic, is compiled from data resulting from an analysis of the largest data breaches that occur in attacks on Internet services and in 44 countries, with a separate and joint list worldwide.

The most used passwords in 2024

Everything we’ve said in past years serves us well for this year. they are a bargain for cybercriminals They don’t even have to use advanced hacking methods, because most of the ones used are so weak that – with a single command – anyone can decrypt it in a short time. According to research, 78% of the most popular keys worldwide can be decrypted in less than a second. In this sense, we have gotten even worse, since last year it represented 70%.

The most used passwords in 2024 in Spain are simply pathetic:

1. 123456
2. 123456789
3. 12345678
4. Spain
5. qwerty123
6. 12345
7. qwerty1
8. 1234567890
9. password
10. 1234567
11. Barcelona
12. 000,000
13. 111111
14. SPAIN
15. QWERTY
16. Alexander
17. 123123
18. Spain
19. Christina
20. Qwerty123

History repeats itself year after year for the worse, and society stands out among them tendencies:

• Almost half of the world’s most used passwords this year are the simplest combination of numbers and letters on the keyboard, such as “qwerty”, “1q2w3e4r5t” and “123456789”.
• Spanish people often incorporate cities and places in Spain into their keys, reflecting a sense of local pride. This year, they highlighted slogans like “España”, “españa” and “‘barcelona”, which show attachment to these places.
• The word “password” can already be considered one of the most common and long-lasting. Year after year, it leads the ranking of all countries. In Spain, it is the ninth most used password. It’s number one for Brits and Australians.
• The popularity of “qwerty” was challenged by the equally weak “qwerty123”, which is now the most common password in Canada, Lithuania, the Netherlands, Finland and Norway. In the United States, this PIN also saw a big jump this year, ranking in the top 5.

Another negative aspect is that 40% of the most used passwords between individuals and employees are the same. On average, an Internet user may have 168 passwords for personal use and 87 passwords associated with his work activities. While this burden is simply too complicated for most to manage, experts say it’s natural for there to be a tendency to create weak keys and, worse, use them across multiple platforms.

Is there any solution? Yes, create strong passwords

The implementation of more advanced features (secure and friendly) that rid us of passwords is urgent and everything indicates that access keys (unique codes associated with specific devices such as computers, tablets or smartphones) will be the method of choice. And in general everything that comes from biometrics.

Until that happens, and given that passwords continue to be the preferred method of authentication for logging into operating systems, applications, games, or accessing Internet services on all types of machines, we must strive to create and maintain them. We leave you one more time general recommendations for their creation:

• Combine uppercase letters with lowercase letters and also numbers with letters.
• Add special characters.
• Extend the password with the largest number of digits.
• Never use typical words or common numbers.
• Never use personal names, animal names or dates of birth.
• Do not use the same password on all sites.
• Use specific passwords that are as strong as possible for banking and online shopping sites where we share credit card or other types of financial information.
• Protect your password from any third party.
• Never share your password with anyone. Not even in supposed official requests, which are usually phishing attacks.
• Reinforce the use of passwords whenever features such as two-factor authentication (2FA) or biometric systems, fingerprint sensors or facial recognition are available.
• Clean up unused online accounts as routine maintenance.
• Check that your passwords are not hacked. Have I Been Pwned is a good place to look and also in browser managers.

Password managers, very useful

It’s nearly impossible for a human internet user to securely manage credentials to access the hundreds of accounts we surely subscribe to. There are a group of applications that are very useful. Basically this type of software reduces human error in password managementbecause it automates the process of generating and accessing websites and services.

Passwords created by these administrators are of course highly secure and meet standard standards for size and complexity. They also help against phishing attacks by instantly identifying characters from other alphabets, adding a huge advantage: We only need to remember the master password and the administrator will take care of the rest.

Apps like NordPass, LastPass, and other commercial and/or paid apps may sound familiar, but from our practical side, we designed these five open source solutions and completely free which our users really liked. A big advantage of open source administrators is the ability to audit the software and keep the credentials under your control, install it and host it yourself on our own computer. We recall the three we like the most:

– KeepPass. It’s the “granddaddy” of open source password managers and has been around since Windows XP. KeePass stores passwords in an encrypted database that you can access using a password or digital key. You can import and export passwords in many different formats.

– Bitwarden. Specially designed for LastPass users looking for a more transparent alternative, it works as a web service that you can access from any desktop browser, while it has corresponding mobile apps for Android and iOS. Bitwarden can share passwords and has secure access using multi-factor authentication and audit logs.

– Passbolt. A self-service password manager designed specifically for work teams. Integrates with online collaboration tools such as browsers, email or chat clients. You can host the program on your own servers to maintain complete control over your data, although teams without experience or infrastructure can use a cloud version that hosts it on company servers.

Web browser administrators

If you don’t want to use a third-party manager, another option is use your browser’s own password manager. Chrome, the leader in this segment, has significantly improved its operation and capacity in the latest versions, including features offered by the above specialists, such as the detection of cracked passwords, warnings when you think the password is weak, or very simple password editing. it in its own manager.

The administrator stores them securely, allows them to be managed in the browser or globally on this page, and uses them to fill in the username and password fields the next time you visit the website. Very similar to what Mozilla did Firefox with its “Password Manager” which is one of the best in web browsers. Microsoft’s Chromium-based Edge also has its own manager, which offers the most basic of dedicated managers.

Yes, the most used passwords in 2024 are still as weak as in previous years. And no excuse is possible. It only takes a few minutes to improve the security of the internet and our digital home. And it’s a great investment. Let’s stop being advantageous to cybercriminals!