The Worst Passwords of 2022 Revealed

The List of the worst passwords of 2022 has been published, pointing the spotlight on poor password practices. Despite the risks, these terrible passwords are still used by many people to “secure” their accounts. The worst passwords of 2022 do nothing of the sort. These passwords are top of the list in brute force attempts to access accounts and will provide almost instant access to any account that they have been used to secure.

The list of the worst passwords of 2022 includes 200 of the most commonly used passwords this year, and in each case, they allowed hackers to access accounts instantly or in just a few seconds. The study was conducted by security researchers using a 3TB password database, which included users from 30 countries.

The Worst Passwords of 2022

The table below shows the 25 worst passwords of 2022 based on the time it took to guess the passwords and the number of accounts they have been used to secure.

Rank password Time to Crack Count
1 password < 1s 4,929,113
2 1213456 < 1s 1,523,537
3 123456789 < 1s 413,056
4 guest 10s 376,417
5 qwerty < 1s 309,679
6 12345678 < 1s 284,946
7 111111 < 1s 229,047
8 12345 < 1s 188,062
9 col123456 11s 140,505
10 123123 < 1s 110,279
11 1234567 < 1s 106,929
12 1234 < 1s 105,189
13 1234567890 < 1s 102,636
14 000000 < 1s 102,636
15 555555 < 1s 98,353
16 666666 < 1s 91,274
17 123321 < 1s 83,241
18 654321 < 1s 81,231
19 7777777 < 1s 74,233
20 123 < 1s 60,795
21 D1lakiss 3hrs 50,181
22 777777 < 1s 48,903
23 110110jp 3s 48,265
24 1111 < 1s 47,935
25 987654321 < 1s 46,891

Unsurprisingly, “password” is top of the list – a password so poor that it is not even worth setting it. NordPass detected 4,929,113 accounts that were secured with “password.” Sequential numbers were common, and alarmingly, people are still setting passwords of less than 8 characters. Even more alarming is the lack of restrictions on password length on many platforms.

There is a commonly held view that simply setting a password for an account is sufficient to prevent unauthorized access. While this may prevent your wife, husband, or child from being able to access your social media account, it will present no problem to a hacker. A study conducted by Hive Systems, using the latest GPUs, found that it was possible to crack any password of 6 characters or less instantly, regardless of the makeup of the password. A password of 8 characters that included numbers, upper- and lower-case letters, and symbols took just 31 seconds. Combine those characters in a ransom password of 12 characters and it would take 3,000 years to crack. NordPass recommends passwords of at least 12 characters.

It is important to adopt the mindset that an attempt will be made to gain access to your accounts, and never to think that you or your business is too small to be attacked. A study conducted by Bitwarden to coincide with World Password Day, found 31% of respondents in the United States had suffered a data breach in the past 18 months, and while the majority of people (90%) know about password best practices, they are not always applied. One-third of respondents reused passwords on 1-5 sites.

The easiest solution to the password problem is to use a password manager. These tools will suggest strong passwords and will autofill them so they never need to be remembered. For the majority of people, they will significantly improve password security, and further, these tools can be used for free. Bitwarden, for example, has a great free tier, and the paid version is just $10 per year.

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of