Life

These are the 20 most common passwords leaked on the dark web — make sure none of them are yours

Share
Benito Aguilar | Twenty20

Your go-to password might be easier to guess than you think.

That's according to a new report from mobile security firm Lookout, which recently published a list of the 20 passwords most commonly found in leaked account information on the dark web. The list ranges from simple number and letter sequences like "123456" and "Qwerty" to easily typed phrases like "Iloveyou."

Choosing easy-to-remember passwords is understandable: The average person has more than 100 different online accounts requiring passwords, according to online password manager NordPass. But simple passwords can be extremely easy for hackers to figure out, allowing them stress-free access to your personal data and accounts.

It's a timely concern. Cybersecurity experts say the current Russian-Ukrainian conflict could result in an uptick in cyberattacks around the world, with U.S. banks expressing concern this week that they could be targeted. That's on top of a record number of data breaches in the U.S. last year – 1,862, up 68% from 2020 – according to a January report from the nonprofit Identity Theft Resource Center.

VIDEO2:3902:39
The best financial advice I learned from my time on Wall Street

Lookout, which makes cloud security apps for mobile devices, noted in a December blog post that, on average, 80% of consumers have had their emails leaked onto the dark web. You could easily be among that majority without even knowing it.

Those leaked emails often lead hackers directly to your passwords for other online accounts and identity theft, Lookout said. Here's the company's list of the 20 passwords most commonly found on the dark web, due to data breaches:

  1. 123456
  2. 123456789
  3. Qwerty
  4. Password
  5. 12345
  6. 12345678
  7. 111111
  8. 1234567
  9. 123123
  10. Qwerty123
  11. 1q2w3e
  12. 1234567890
  13. DEFAULT
  14. 0
  15. Abc123
  16. 654321
  17. 123321
  18. Qwertyuiop
  19. Iloveyou
  20. 666666

If you use any of the above passwords for any of your online accounts, you'd be wise to swap them out for something more secure. Cybersecurity experts often recommend picking something longer than the minimum number of recommended characters, and using uncommon characters – like punctuation marks or other symbols – in place of letters and numbers, to make your password harder to guess.

Lookout also noted that the majority of people reuse passwords for multiple accounts, which is a practice you should avoid whenever possible. If hackers can get into one of your accounts, you can at least make it harder for them to get into the rest of them.

You should also figure out which pieces of information about you and your family are publicly available, and avoid using passwords that include that information – including birthdays, anniversaries, names of loved ones and even your hometown.

The U.S. Commerce Department's National Institute of Standards and Technology also recommends screening your passwords against online lists of compromised passwords and using multifactor authentication, among other security tactics.

Sign up now: Get smarter about your money and career with our weekly newsletter

Don't miss:

'These 9 biggest password mistakes will get you in trouble,' warns fraud expert and ex-con artist

Protect your money by changing your banking passwords

VIDEO8:5408:54
This former Wall Street analyst now lives on $53 dollars a day in France