A Look Back: The Worst Passwords of 2022
We’re looking back at the worst passwords of 2022 and exploring some interesting statistics about password trends. It’s worth noting that the data for this analysis was compiled using independent researchers specializing in cybersecurity, representing 3TB of data across 30 countries. Employees are the best defense against cybercrime, and not having secure passwords can be the most significant weakness for companies.
As expected, the most common passwords worldwide were still “password,” “123456-9,” “guest,” and “qwerty,” with a combined usage of over 7 million times. It’s important to remember that this number likely represents new entries rather than a running total, as “password” alone accounts for over 9 million entries on the dark web database.
Current events also seemed to influence password choice in 2022. For example, the Oscars were a popular inspiration, with the event being used as a password nearly 63,000 times. Film and TV show titles, such as “Batman,” “Euphoria,” and “Encanto,” were also frequently used as passwords.
Password Trends by Country
Regarding sports-themed passwords, the United States saw a strong presence in baseball, football, soccer, and basketball, with specific teams like the Red Sox, Cowboys, Lakers, Steelers, and Eagles making the list of commonly used (not secure) passwords. Canada’s top passwords included “hockey,” while Mexico had some love for “baseball.”
Another trend we observed was the use of months and years as passwords, particularly in Mexico. For example, “Temporal2020” was the 7th most popular password in the country, with other months like “Enero2020” (January 2020) and “Marzo2020” (March 2020) also appearing on the list. This trend continued into 2021, with “Temporal2021” already ranking as the 96th most common password.
Finally, names were still a popular choice for passwords across all countries. In Mexico, using names as passwords was particularly prevalent, with 2x as many names being used compared to the United States, Canada, and India.
Mexico’s worst passwords list is an excellent example of why requiring password changes every month does not work. Temporal2020 was the 7th most popular password; however, what else was in Mexico’s top 200 most common passwords? Enero2020 (41st), Febrero2020 (44th), Marzo2020 (71st), Abril2020 (173rd), Junio2020 (159th).
Are we starting to see the pattern here?
In India, sports-related passwords were missing from the top 200, but India showed some love, with iloveyou being their 12th most common password. This year I think there were a lot more support tickets and problems they needed to solve, as there was no love found in the top 50 passwords (in fact, it dropped to 81st place) and instead was replaced by “googledummy” (10th).
The worst password on the list is a tie between Mexico and India. I give that password a score of zero. Literally! A single-character password, “0,” was the 100th and 43rd most common password, respectively.
Get Password Healthy
I’m eager to report that our tribe is doing its part to ensure that strong passwords are being used at ArcherPoint.
If you are interested in learning more about steps you can take to increase cyber security at your organization, contact us today.
We hope you enjoyed this look back at the worst passwords of 2022. Remember, strong and unique passwords protect you and your organization against cybercrime.
Happy New Year, everyone!