The passwordless future has not arrived yet. Until then, we are stuck with one of the most challenging features of modern life – password management. Because so many people reuse passwords, criminals harvest as many credentials as possible to sell to other criminals to enable ransomware attacks and data theft.
20 top compromised passwords in 2022
| Rank | Password |
|------|----------|
| 1 | 123456 |
| 2 | 12345678 |
| 3 | admin |
| 4 | a11111 |
| 5 | 123456789 |
| 6 | password |
| 7 | 1234 |
| 8 | 12345 |
| 9 | secret |
| 10 | 111111 |
| 11 | 123 |
| 12 | 1234567890 |
| 13 | Password |
| 14 | 1 |
| 15 | admin123 |
| 16 | 1234567 |
| 17 | 123123 |
| 18 | user |
| 19 | P@ssw0rd |
| 20 | root |
There aren’t any surprises in the top 20 compromised passwords.
Tips for stronger passwords
Thankfully, the compromised credentials ZeroFox collects are not all plaintext passwords. Many of the credential dumps we ingest into the ZeroFox platform are hashed. In an increasing number of cases, we collected salted hashes that even we cannot crack. Unfortunately, many of the unsalted hashes we collected are well known and easily crackable.
To keep your passwords safe and protect your data, here are a few tips:
- For system administrators: we encourage you to store user credentials using the strongest possible hashing algorithm and to salt those hashes.
- For users: Length and uniqueness are key. Password managers, whether the built-in password managers in modern browsers or commercially available options, are the best way to ensure that if one credential is compromised, your whole digital life isn’t at risk.
- For security teams: it’s wise to have a threat intelligence service continually scouring the Underground Economy for your employees’ and customers’ compromised credentials.
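The administrator tip above, as an added example (not ZeroFox code): it rejects the 20 passwords from the table at set time, stores a per-user salted scrypt hash, and shows why an unsalted digest is easy to look up. The choice of scrypt, its cost parameters and the `salt$hash` record format are assumptions of this example; the article names no specific algorithm.

```python
import hashlib
import hmac
import secrets

# The 20 passwords from the article's table, used as a denylist.
DENYLIST = {
    "123456", "12345678", "admin", "a11111", "123456789", "password", "1234",
    "12345", "secret", "111111", "123", "1234567890", "Password", "1",
    "admin123", "1234567", "123123", "user", "P@ssw0rd", "root",
}

# scrypt cost parameters (assumed for this example; tune for your hardware).
N, R, P, DKLEN, MAXMEM = 2**14, 8, 1, 32, 64 * 1024 * 1024


def unsalted_sha256(password: str) -> str:
    """The weak pattern: the same password always yields the same digest."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password: str) -> str:
    """Return 'salt_hex$hash_hex' using scrypt with a fresh random salt."""
    if password in DENYLIST:
        raise ValueError("password is on the compromised-password denylist")
    salt = secrets.token_bytes(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P,
                            maxmem=MAXMEM, dklen=DKLEN)
    return f"{salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute scrypt with the stored salt and compare in constant time."""
    salt_hex, hash_hex = stored.split("$")
    digest = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                            n=N, r=R, p=P, maxmem=MAXMEM, dklen=DKLEN)
    return hmac.compare_digest(digest, bytes.fromhex(hash_hex))


if __name__ == "__main__":
    pw = "correct horse battery staple"  # constructed sample password
    a, b = hash_password(pw), hash_password(pw)
    print("unsalted digests identical:", unsalted_sha256(pw) == unsalted_sha256(pw))
    print("salted records differ:", a != b)
    print("both verify:", verify_password(pw, a) and verify_password(pw, b))
```

Because each record carries its own random salt, two users with the same password get different stored values, so one precomputed table cannot match both.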