top of page
  • Admin

It's That Time Again: These Are The Worst Passwords Of 2022

Published: February 19, 2023 on our newsletter Security Fraud News & Alerts Newsletter.

Every year, we look forward to the lists of the past years’ most ridiculously lousy passwords used by, well, those who really don’t seem to care about their account security. By this point, we don’t really buy that these password users truly believe they are being clever or even that they are ignorant. The Internet and online accounts have been around far too long for that and cybersecurity breaches are even discussed on mainstream media. So, there really are no excuses for using the words on these lists. Yet, some just cannot stop themselves. While the rankings seem to change year to year, sadly, the passwords don’t vary by much.

Whether you look at CyberNews, Kaspersky, or any other research, you’ll see the same ones again, that you should not be using. Here are the top 10, per NordPass, going into 2023. These are not even exclusive to the U.S. These are the worst ones worldwide.

  1. 123456

  2. 123456789

  3. qwerty

  4. password

  5. 12345

  6. qwerty123

  7. 1q2w3e

  8. 12345678

  9. 111111

  10. 1234567890

If you look at the list of the top 100 of the worst from PureVPN, you will find the above (as well as variations on them) and some fun ones like “sunshine,” “summer,” and “iloveyou,” as well as references to sports, and more than you’d think, variations on curse words.

CyberNews analyzed more than 15.2 billion passwords collected from publicly leaked data breaches. They could deduce from the passwords various details about the users such as their favorite sports, their ages, favorite cities, and perhaps even preferred curse words.

While it may be a bit easier on the noggin to recall details that are familiar, by creating passwords using that information, you are putting yourself even more at risk if you do so. Just don’t. Instead, make sure that each online account has its very own unique and difficult-to-guess password. Add in those special characters and upper- and lower-case letters. Write them down on paper and tuck them away in a locked drawer, if needed. Create a foundation password that you use over and over, but add letters from the website you’re visiting to make it easier to recall. Use a password manager if you must. Just be aware that if your master password is accessed, you will need to change all of your passwords. Using one of these is still preferable to using one of the ones on these lists.

And if you’re still not convinced, remember credential stuffing. That’s when attackers create automated ways to try every password on these lists, as well as others that they have somehow gotten their grubby paws on to access accounts that may allow them to have a good payday.

So, just reach into that right brain and create artsy passwords. When there is another big data breach, you’ll be happy if you only have to change one password…that wasn’t on these lists…to another one, also not on these lists. Please.

Keep up to date: Sign up for our Fraud alerts and Updates newsletter

Want to schedule a conversation? Please email us at


bottom of page