When it comes to computer security, especially password security, most people will not be surprised. You name it: laziness, difficulty remembering complex strings, or just not caring. Whatever the reason, year after year, the most commonly used passwords are also the worst passwords from a security perspective.

NordPass just announced the 200 most used passwords of 2023. Unsurprisingly, there are very few safe passwords. The top 10 passwords can all be cracked in under a second using simple brute force tools.

The vast majority of other passwords are no better. Only a few would give a hacker more than a second of trouble, such as "theworldinyourhand," which is nearly impossible to crack, is the 173rd most used password, and would take centuries to guess using brute force.

In 2023, as in previous years, continuous strings of numbers seem to be people's first choice. 123" (No. 8), "1234" (No. 5), "12345" (No. 6), "123456" (No. 1), "12345678" (No. 3), "123456789" (No. 4) and "1234567890" (No. 10) occupy the top 10 spots.

Of course, to satisfy the IT administrator at your workplace and his silly rule that passwords must be at least 8 characters long (containing at least one uppercase letter, one lowercase letter, and one number), you could use "Aa123456" (digit 9). This leaves only two passwords in the top ten that can be said to be less "lazy" than the others.

The word "password" ranked seventh, while "Password" with a capital "P" did not make the top ten because certificates are case-sensitive, ranking fifteenth. The lowercase version of "password" has been appearing in the top ten since 2020, taking the number one spot last year. Apparently, the person who created the new account seemed to think that the word in the light gray font in the box was just a suggestion.

The second most common password this year is "admin." NordPass found 4,008,850 instances, second only to numbers 1 to 6 used by more than 4.5 million users in the sample. Of course, as we all know, "admin" is the default password for many devices, so it's arguably the laziest password around.

There are a few examples on the 2023 list that are a little surprising. "UNKNOWN", ranked 11th, did not make the top 10. While still not very secure, at least it has a brute force cracking time of about 11 minutes, which is 11 minutes longer than most passwords on this list.

Strangely, adding "123" after "admin" makes it as safe as "UNKNOWN". Additionally, adding the "at" symbol (@) between the word and the number increases the hacking time to 1 hour.

"Eliska81" takes about 3 hours to crack, but we can't help but ask, how did this password become the 40th most commonly used password? At least 75,755 people are using "Eliska81" as their password. How could this happen?

Finally, the second most difficult password to crack appears at number 54. While "adminintelecom" is nowhere near the centuries it would take to guess "theworldinyourhand," a brute force attack still takes 23 days.

With so many easy-to-use credential managers to choose from, there's no excuse for poor password choice. A popular example is 1Password, which securely stores and automates login information using only one master password.

Apple users have even fewer excuses. For Mac, iPhone, and iPad users, the native Keychain app is fully integrated, accessed using a device passcode or FaceID, and syncing credentials across all platforms with virtually no setup required.

Even though it's so easy to save and store passwords now, it's a safe bet that we'll see an almost identical list next year.

If you want to see a compilation of weak passwords from this year and the past, visit the NordPass website:

https://nordpass.com/most-common-passwords-list/