Hackers guessed the world's most common password in under 1 second—make sure yours isn't on the list

Kacper Pempel | REUTERS

NordPass, the password management tool from the team behind NordVPN, released its list of the 200 most common passwords in 2022 — and it turns out people are still using notoriously weak passwords. 

The most common password in the world this year was the infamously bad "password", and it took hackers under one second to crack it. The same goes for the second and third most common passwords: "123456" and "123456789", respectively. 

NordPass compiled its list with the help of independent cybersecurity researchers who analyzed a three terabyte database to produce their findings. The list is full of fascinating (and cautionary) tidbits. For instance, nearly 5 million people around the world used "password" as their password. And of the 20 most common passwords, 18 were guessed in under one second.

The most important takeaway, though? If your password is on the list, it's time to make a change.  

To ensure you're not hacked, here's NordPass' 20 most common passwords in the world for this year — and what to do if yours is one of them:

  1. password 
  2. 123456
  3. 123456789
  4. guest 
  5. qwerty 
  6. 12345678
  7. 111111
  8. 12345
  9. col123456
  10. 123123
  11. 1234567
  12. 1234
  13. 1234567890
  14. 000000
  15. 555555
  16. 666666
  17. 123321
  18. 654321
  19. 7777777
  20. 123

Bitwarden, an open source password manager, found 31% of survey respondents in the U.S. experienced a data breach within the last 18 months, according to its 2022 password management survey. To avoid adding to that statistic, NordPass recommends choosing a complex password of at least 12 characters with a variety of upper and lowercase letters, symbols and numbers. A password generator is a helpful way to form these kinds of complex passwords.

You should also refrain from reusing a single password for multiple accounts, though the impulse is understandable — and common. The Bitwarden 2022 password management survey found more than 8 in 10 Americans reuse passwords across websites, with 49% of respondents saying they rely on memory to oversee their passwords. 

That brings us to another key piece of password hygiene: You might also consider using a password manager, like LastPass, 1Password, NordPass or Bitwarden, to store, manage and access passwords, which removes the fickle nature of your own memory. 

In addition, NordPass recommends routinely checking what accounts you're actually using. Unused accounts are an online security risk, since a breach could go unnoticed. 

Finally, you should regularly check the password strength of your existing passwords and update them with fresh and complicated ones. Even if you're not using "password" as a password, your cybersecurity efforts could probably use an upgrade

Want to earn more and work less? Register for the free CNBC Make It: Your Money virtual event on Dec. 13 at 12 p.m. ET to learn from money masters like Kevin O'Leary how you can increase your earning power.

Sign up now: Get smarter about your money and career with our weekly newsletter

I talked to 70 parents of highly successful adults: 4 phrases they never used while raising them
4 phrases parents of successful adults never used when their kids were young