Cybersecurity experts often share advice about the do’s and don’ts of passwords as a vital part of good cyber-hygiene practices. And yet, annual roundups of the most common passwords show that many of us continue to prioritize convenience over security, putting our accounts and data at risk of theft.

NordPass has just revealed the 200 most commonly used passwords on the web in 2020, showing yet again that various easy-to-guess combinations of numbers remain as popular as ever. Seven out of the top ten worst passwords were made up of various numerical combinations, with “123456”, “123456789” and “12345678” occupying the first, second and fifth places, respectively. The third spot went to “picture1”, a new addition to the list, and was followed by, well, “password”.

If that isn’t a cause for worry, then perhaps these two facts should be –  the top five passwords have over 4.5 million users among them and they account for more than 38 million combined exposures in data breaches. Moreover, all of these passwords, except “picture1”, could be cracked in less than a second.

The chart is mostly made up of entries that also made it onto the lists of the most common passwords last year and the year before. But there have also been 78 new additions to the list, such as “senha” (Portuguese for "password"), “Million2” or “aaron431”. Part of the last one is also the most popular name used as a password.

You can browse through the whole list on NordPass’s blog, but here are the 25 that topped the list this year.

Position Password Position in 2019
1 123456 2
2 123456789 3
3 picture1
4 password 5
5 12345678 6
6 111111 17
7 123123 18
8 12345 1
9 1234567890 11
10 senha
11 1234567 12
12 qwerty 10
13 abc123 16
14 Million2
15 000000 28
16 1234 15
17 iloveyou 14
18 aaron431
19 password1 29
20 qqww1122
21 123 199
22 omgpop
23 123321 39
24 654321 36
25 qwertyuiop 22

Mine is on the list! What do I do?

If you use any of these choices to “secure” your accounts, then you should get straight to fixing them. First of all, consider using a unique passphrase for each of your online accounts; if done right, it will be far harder or even (effectively) impossible to crack. While you’re at it, avoid other pitfalls of password creation and use, including password recycling.

If you're more of a video person, then we have you covered, too:

If you’re looking for a practical and convenient solution for your password woes, then a password manager could be the answer. Most reputable security products also offer some form of password management.

To complete your security review, you should also enable multi-factor authentication on all services that offer the option. And as many login credentials are stolen in data breaches these days, it also won’t hurt to sign up for a service that checks if your password has been caught up in any such incident.