Which password gets hacked more than any other password in the US?
What about in Germany?
This report summarizes the findings of the SafetyDetectives research team who collected over 18 million passwords to find the 20 most used, most predictable, and ultimately most hacked passwords all over the world.
The data used in this report was gathered from several years’ worth of leaks found on hacking forums, marketplaces, and dark web sites — usually sold as treasure troves of sensitive information for criminals. (Note: We only analyzed the data — no identifying information like usernames or banking details were compromised while conducting this research.)
Our goal was not to simply put together another “most used/hacked passwords” list. Instead, we wanted to see if there were any obvious patterns occurring around the world which would cause hackers easier access to user information, regardless of language or location.
Non-English speaking countries are often underrepresented in cybersecurity research, but non-English speakers are still vulnerable to cyber crime. It’s important to stay protected on the internet no matter where you live or what language you speak. And it all starts with a password manager (such as Dashlane) and an antivirus (Norton, Malwarebytes, and Bitdefender are some of our top recommendations).
Over 18 Million Passwords Analyzed
We collected and analyzed a total of 18,419,945 passwords.
Around 9 million passwords were from the general population:
- From various worldwide databases, we collected 9,056,593 passwords
- Note that there’s some overlap with other populations.
- From hacked .edu users, we collected 328,000 passwords.
The remaining 9 million passwords were country-specific:
- Germany — 783,756
- France — 446,613
- Russia — 5,614,947
- Italy — 49,622
- Spain — 459,665
- USA — 1,680,749
We looked at this from a lot of different angles to identify the weakest and most insecure passwords in the world.
For each population, we identified:
- The top 20 most used passwords (and the top 30 overall).
- The most popular password patterns.
- Specific cultural references to that population.
We also looked at:
- How names found in email addresses are used in passwords. We specifically looked at the use of first names in “[first_name].[last_name]@[email_provider].com” and address names in “[address_name]@[email_provider].com”.
- How these common passwords compare to the “Hacker’s List” – the list of passwords that are most often used by security researchers for dictionary attacks. (“Dictionary attacks” refers to trying many different common passwords until the right one is guessed.)
Note: Many of the passwords analyzed in this report would not be allowed to be used by sites that have password strength checks in place.