South Africans’ passwords are becoming even easier to guess than before, despite a dramatic increase in cybercrime.

This year, the most common password in South Africa is “123456” – and it ranks first worldwide. The next two are as easy to guess – and rising in popularity.

This reckless – and even stupid – approach to protecting credentials is revealed by NordPass in the sixth edition of its annual Top 200 Most Common Passwords research. This year, NordPass also checked how corporate passwords people use to secure work accounts differ from those for personal accounts.



Individual users’ passwords in 2024 — what changed in a year?



Below are the top 20 most common passwords in South Africa. The full list is available here: https://nordpass.com/most-common-passwords-list/

123456 password qwerty123 Abcd1234 123456789 qwerty1 12345 12345678 Aa123456 qwerty Password Password1 1234 1234567 1234567890 P@ssw0rd 123abc password1 123love admin

The sixth time’s definitely the charm but not when investigating people’s personal passwords. NordPass, which partnered with NordStellar to run the study, concludes that this year’s list again includes the worst possible choices for passwords. However, some trends are radically new and worth exploring.



Almost half of the world’s most common passwords this year are made of the easiest keyboard combinations of numbers and letters, for instance “qwerty,” “1q2w3e4r5t,” and “123456789.” South Africa is no exception here, with such passwords leading the list.



In South Africa, "123456" holds the top spot as the most popular password, aligning with a global trend where this simple sequence remains the go-to choice in many countries.



With experts repeatedly urging internet users to make their passwords stronger, many seem to have misunderstood the assignment. The popularity of "qwerty" has been challenged by similarly weak "qwerty123," which is now the most common password in Canada, Lithuania, the Netherlands, Finland, and Norway. In South Africa, this password also made a huge jump this year, reaching the top three.



The word "password" can now be considered one of the most common and enduring passwords. Year after year, it ranks at the top of every country's list. In South Africa, it is the third most-used password. For the British and Australians, it is the number one choice.



can now be considered . Year after year, it ranks at the top of every country’s list. In South Africa, it is the third most-used password. For the British and Australians, it is the number one choice. South African password choices reveal a mix of simple patterns and an attempt at creativity with options like “Abcd1234” and “P@ssw0rd,” hinting at a growing awareness of password strength. The inclusion of “123love” adds a personal, sentimental touch to the list, suggesting that memorable phrases still appeal to users. Despite these variations, common words and straightforward substitutions remain popular, showing that many users prioritize familiarity and ease of recall in their passwords.

According to NordPass’ study 78% of the world’s most common passwords can be cracked in less than a second. Compared to last year (with 70%), this tells that the situation has worsened.



Corporate passwords are just as bad



Digging deeper, in this year’s edition of NordPass’ annual Top 200 Passwords study, researchers additionally investigated how the passwords used both for personal and work use differ. The results are surprising — 40% of the most common passwords used among individuals and business representatives are the same.



Nevertheless, experts noted some interesting differences too. Default passwords such as “newmember,” “admin,” “newuser,” “welcome,” and similar are more commonly used for business accounts. Passwords presumably created for new users with an idea that they will change them, such as “newpass” or “temppass,” also often get leaked because people are not big fans of changing their passwords.



“No matter if I wear a suit and tie at work or I’m scrolling through social media in my pajamas, I am still the same person. This means that regardless of the setting I am in, my password choices are influenced by the same criteria — usually convenience, personal experiences, or cultural surroundings. Businesses ignoring these considerations and leaving password management in their employees’ hands risk both their company’s and clients’ security online,” says Karolis Arbaciauskas, head of business product at NordPass.



Hidden dangers



According to the previously conducted survey by NordPass, on average, a single internet user has 168 passwords for personal use and 87 passwords for work use. While managing this load is simply too complicated for most, experts say that it is only natural that people tend to create weak passwords and, of course, reuse them.



However, weak passwords created by company employees serve hackers because with brute-force, dictionary, or similar large-scale attacks they can gain easy access to the company’s internal IT systems. In another common scenario, hackers break into the company using the leaked personal credentials of an employee just because they used the same passwords for both personal and work accounts.



How to properly manage your passwords for work and personal use



To avoid falling victim to cyberattacks because of irresponsible password management, Arbaciauskas recommends following a few simple but effective cybersecurity practices.

