Despite theincrease in cyber attacks and the progress in cybersecurity technologies, lot of users continue to ignore the importance of protect your credentials. And so the sixth annual report di North Pass, a proprietary password manager launched in 2019 that has been mapping password habits for six years, still highlights a worrying fact: “123456” is still the most used password, both globally and in Italy, used by over 3 million users for their personal accounts and over 1,2 million for business accounts. This behavior, which reflects a poor attention to the security of personal data, involves a serious risk, since such a simple password can be cracked in less than a second. And, in fact, the 78% of common passwords are easily vulnerable.
Weak passwords, like those listed in NordPass's ranking, are particularly exposed to “brute-force” attacks, which allow you to try thousands of combinations per second. In addition, the reuse of the same credentials across multiple accounts further increases the risk of compromising multiple systems.
The ranking of the most common passwords in the world
In his usual report “Top 200 Most Common Passwords“, NordPass has analyzed millions of credentials collected from public sources and the Dark Web. The results show that “123456” still dominates la ranking of the most used passwords in the world, a position it has held for five of the last six years. In second place are equally banal combinations, such as “123456789” and “12345678”. In addition to the numbers, however, there are also more personal choices but equally risky, like “password” (which had taken first place in 2022), “qwerty123” and words like “qwerty1” or “secret”.

Despite continued reports of weak passwords, many people continue to modify them slightly, as in the case of “qwerty”, which was changed to “qwerty123”. This version quickly became equally popular and vulnerable, especially in countries such as Canada, Lithuania, the Netherlands, Finland and Norway. The same goes for "Password", which is no longer just a choice of Italians, but is also widespread in other countries, such as the United States, where it is in fifth place, and in the United Kingdom and Australia, where it occupies first place.
The data collected highlights a surprising variety in the password preferences, which reflect cultural and personal influences. Some users choose words like “iloveyou” or stronger expressions like “fu*kyou,” while others use brand or character names, like “pokemon” or “naruto.” Still others opt for slightly modified versions of common words, like “P@ssw0rd,” which, experts warn, is easily decipherable in less than a second.
Also interesting is the Password Variation by Country: in the United Kingdom, for example, “liverpool” is common, while in Australia “lizottes” stands out, the name of a well-known club. In Finland and Hungary, on the other hand, you find “salasana” and “jelszo” respectively, which simply mean “password”.
The most common passwords in Italy
Also in Italy, the situation doesn't seem to be improving. “123456” is still the most used password, followed by other predictable combinations like “cambiami” and “123456789”. Other examples of common passwords in our country include “juventus”, “amoremio”, “francesco”, “alessandro” and “giuseppe”.

An interesting aspect of the research is that many people continue to choose words or names linked to popular culture, such as brands and famous people, but these are also easy for anyone to guess. For all these passwords, it only takes a few seconds (not minutes!) to be easily discovered.
Most Popular Business Passwords: The Same Lightness
Although passwords have long been a hotly debated topic in business scope, even in the professional sector dangerous habits persist. The 40% of passwords used both by private users and by company managers it's identical. Combinations like “admin”, “newuser” and “welcome” are particularly common, but others, like “newmember” or “newpass”, are also widely used. This is a serious danger to company safety, since choosing default or simple passwords makes it easier for cybercriminals to access company systems, even via “brute-force” attacks that test millions of combinations in seconds.
The growing number of passwords per person
The danger of a weak password is accentuated by the fact that a The average user manages approximately 168 personal and 87 work passwordsThe difficulty of keeping track of such a large number of credentials pushes many to choose simple passwords and reuse them, increasing the risk of security breaches for both individuals and businesses.
How to improve password security
For improve online security, Carolis Arbaciauskas, head of enterprise products at NordPass, suggests some fundamental best practices:
- Avoid using obvious combinations such as number sequences, common words, or personal information.
- Create complex and long passwords: It is essential to use passwords of at least 20 characters, which include numbers, letters and special symbols.
- Avoid reusing passwords: Each account should have a unique password to reduce the risk of compromise.
- Using passkeys: Passkeys are a modern technology that offers a more secure alternative to traditional passwords.
- Implement corporate password policies: Companies should adopt security policies that include, for example, multi-factor authentication (MFA) and the use of password managers to protect credentials.
The recommendation is always be careful when surfing the internet because dangers are always around the corner.
“It doesn't matter if I'm wearing a suit and tie to work or scrolling through social media in my pajamas, I'm still the same person. This means that no matter what environment I'm in, My Password Choices are influenced by the same criteria: usually convenience, personal experiences or cultural environment. Companies that ignore these considerations and leave password management in the hands of their employees risk putting I jeopardize the online security of the company and its customers" has explained Arbaciauskas.
Il NordPass Report It is based on a2,5 terabytes of data analyzed, extracted from public sources and the Dark Web. This research has allowed us to gather information on stolen passwords and data exposures, creating a detailed overview of users' habits users in 44 countries. The data was then organized by country, highlighting regional preferences in terms of credential security.
