The 200 Most Common Online Passwords of 2020 Are Awful

No, ‘naruto,’ ‘yugioh,’ and ‘pokemon’ are not good passwords.
Image: Getty Images

With more people working from home than ever because of COVID-19, online security and impenetrable passwords are increasingly important. One would hope that this shift to online life, and published annual reports about how so many passwords people use are awful, would make stupid passwords a relic of the past. Sadly, according to a new report from password manager NordPass, this doesn't appear to be the case. 


There were some newcomers to the list this year like ‘naruto’ and ‘yugioh,’ coming in at 112 and 142 respectively. Anime fandom aside, the list shows just how lacking passwords are for the current moment. Coming in at number one is ‘123456,’ and it was used 2,543,285 times…come on, people. 

The passwords were scraped and compiled in a database containing breached online information. Of the 200 NordPass scrapped last year, only 78 were newcomers in 2020, according to the company’s press release. The database they evaluated contained 275,699,516 passwords, and only 44 percent of those were unique (i.e. showed up once on the entire list). A great majority of combinations contained predictable sequences like ‘password,’ ‘12345678,’ ‘111111, and ‘12345.’ All of these passwords were in the top 10 most common and took less than a second to breach. 

Not all were numeric specific. ‘unknown’ (#33), ‘chatbooks’(#36), ‘evite’ (#41), ‘BangBang123’ (#53), ‘party’ (#76), ‘hunter’ (#121), and ‘trustno1’ (#146) are all first-timers on the list. Continuing the anime trend, ‘pokemon’ took a massive jump from its spot at 143 last year to 51 in 2020. 

“Last year, the password ‘onedirection’ came 184th on the list. This year, it didn’t make it at all,” Patricia Cerniauskaite, a spokesperson for NordPass said in an email to Motherboard. “This could be because the group has lost its popularity, as they are pursuing solo careers, or it could also be that their fans are becoming more cyber-conscious. However, ‘pokemon’ has become a much more popular password, as well as ‘blink182’—we could speculate that their popularity is rising.”


As Motherboard previously reported, while fun, trending pop culture terms are one of the first sequences hackers will target when trying to crack a combination, so it’s best to avoid them.

Understandably, it’s difficult to keep track of passwords, especially this year with the rise of online work. Cerniauskaite says this professional shift is noticeable in online data security.

“We found an interesting trend—an average user has about 25% more passwords compared to earlier this year.  According to the survey done by NordPass, nowadays, the average user has around 100 passwords,” Cerniauskaite said. “It’s highly likely that the increased average number of passwords is the result of people downloading more apps during the lockdown, whether they were work-related, or helped people to pass their free time.”

So, how can you beef up and galvanize your online profile security? The advice remains simple and consistent with previous years. The first step is to always use two-factor authentication (2FA) when given the option. Email authentication is good, SMS verification is better— this way a hacker would need access to your phone specifically to gain access to an account. Next, never use the same password for different accounts because when you do, the chance of being hacked exponentially increases. In addition, always use an eclectic mix of numbers, caps, and special characters in your sequence to deter crawlers and scraping programs. Lastly, make sure your apps are updated with the latest versions to avoid any known security bugs. 


It’s imperative to take these precautions and, by all means, if your passwords share any similarity to those on the list, change them immediately. The top 25 most common passwords on this list are below: