Arrow back

Most common passwords of 2022: Is yours on the list?

26 April, 2023

Passwords, passwords, passwords. They’re the backbone of modern internet security, though you’d be hard-pressed to find anyone that actually enjoys using them.

Despite being an essential aspect of our information security, protecting our personal information from unauthorised access and keeping our digital assets safe, many of us seem unwilling to upgrade our passwords.

Think we’re being unfair? Join us as we explore what were the most common passwords of 2022, discuss the importance of creating strong passwords and share how to do it.

We'll also discuss whether to use a password manager and why training your employees to create strong passwords is more effective than relying solely on a password manager.

Ready to get started? Let’s go.

What were the most common passwords of 2022?

The most common passwords of 2022 are, unfortunately, rather predictable.

According to new research from SplashData, the top three passwords are "123456," "qwerty," and "123456789." Here are the top 10:

  • 123456
  • 123456789
  • qwerty
  • password
  • 1234567
  • 12345678
  • 12345
  • iloveyou
  • 111111
  • 123123

Comparing these passwords to what we wrote about last year, there’s a notable lack of progress with the security of these passwords. Indeed, these passwords are so weak that they can be easily guessed by hackers, putting your personal information and digital assets at risk.

Other commonly used passwords include "admin," and "letmein." These passwords are easy to remember but offer no protection against unauthorised access. But why do we make such insecure passwords?

Test your password strength

Password Strength Checker

Password Strength Checker

Password Strength:
Time to crack:

What makes us use weak passwords?

There are three key factors that contribute to the weak password epidemic: lack of awareness, convenience and resistance to change.

Lack of awareness

A primary reason why people use weak passwords is, simply a lack of awareness of the risks involved. Many people are not aware of the potential consequences of using weak passwords or believe that they are not at risk of being hacked. This misconception can be dangerous, as anyone can fall victim to cybercrime, and it only takes one breach to crack a company's data wide open.

The convenience factor

One of the most common reasons why people choose weak passwords is convenience. It is easier to remember a simple password than a complex one, and people often use the same password for multiple accounts to avoid having to memorise different ones. This practice is dangerous because if a hacker gains access to one of your accounts, they will have access to all of them.

Resistance to change

Many people are resistant to change, and this includes changing their passwords. People often become attached to their passwords and may feel that changing them is unnecessary or inconvenient. Additionally, some people may not know how to create a strong password, or how to change it.

How to create a strong password

Creating a strong password is relatively easy and is one of the most effective ways to protect your personal information and digital assets. Here are some tips for creating a strong password:

  • Length is key: The longer your password, the more difficult it is for hackers to guess. Aim for a password that's at least 12 characters long.
  • Use a mix of characters: Use a combination of uppercase and lowercase letters, numbers, and symbols. This makes it harder for hackers to crack your password.
  • Avoid common words: Don't use words that are easily guessed, such as "password" or "admin." Instead, try using a random combination of letters, numbers, and symbols.
  • Don't reuse passwords: Avoid using the same password for multiple accounts. If a hacker gains access to one account, they can use that password to access your other accounts.

Protect your organisation with truly effective training

Join the thousands who've discovered how Bob's Business' security and compliance awareness training reduces risk, demonstrates improvement and builds cultures.

Should you use a password manager?

Password managers are tools that store and encrypt your passwords, making it easier to use strong, unique passwords for each account.

Many password managers also generate random passwords for you, so you don't have to come up with them yourself.

However, just because you use a password manager, it doesn’t automatically mean all of your data is safe, if the password manager is compromised, all passwords will be at risk. Just look at the recent LastPass data breach, for an example there.

That’s why it remains best practice to choose memorable yet secure passwords and keep them in your own mind.

Is employee password training useful?

While we’ve established that secure passwords are essential, the truth is that while virtually everyone agrees on that point, many fail to update their passwords.

For organisations, that poses a real issue. With a single breached password potentially giving a cybercriminal unfettered access to your data and systems, something has to be done.

Sharing this blog is a great start, but the real key is in consistent, regular training that reminds your team on the importance of strong passwords, the steps required to create strong passwords and how to follow good password practices.

This is especially important since human-error accounts for 90% of all breaches.

How Bob’s Business can help to protect your organisation

At Bob's Business, we build cybersecurity awareness training that your teams actually want to take, designed from the ground up to protect your organisation.

That's why we offer tailored and engaging online training courses that empower all team members to recognise and respond to cyber threats, ultimately reducing the risk of breaches caused by human error.

Our training is designed to be interactive, easily integrated into your busy schedule, and delivered in bite-sized modules to ensure your team stays motivated and focused throughout the training process.

Take action now and protect your organisation and customers from cyber threats by exploring our range of comprehensive cybersecurity awareness training products.

Back to resources

Ready to build your cybersecurity culture?

Whether you’re looking for complete culture change, phishing simulations or compliance training, we have solutions that are tailor-made to fit for your organisation.

Girl with laptop
Boy with laptop
man and woman with laptops
Global Cyber Alliance