The strongest passwords always use a complex arrangement of numbers, letters and symbols that make them tricky to guess. If you don’t repeat characters, it can also be difficult for hackers to brute force them. Tap or click here to see our guide to stronger passwords. If you want a perfect example of what not to use as a password, look no further than the NordPass list of most common passwords for 2020. Some of these examples are laughably bad, and if you use anything similar for your accounts, it’s time to make a change.

Are people really using these passwords?

Each year, NordPass puts together a list ranking the most common passwords of the last 12 months. Some of these entries have been mainstays for several previous editions, while others have recently risen to popularity. Two common issues affecting several of these passwords are repeating or sequential characters. If a password uses the same characters multiple times or puts them in alphabetical order, for example, they’re much easier for hackers or malware to guess. Anyone with passwords on the list should change them immediately. Obviously, most are easily hackable and many have already been exposed in massive data leaks. Tap or click here to see a site that will tell you if your accounts were included in a data breach or leak. Check your own passwords against this list from NordPass and see if your cybersecurity is up to snuff.


Yes, the most commonly used password is 123456. That scene from “Spaceballs” isn’t just a joke anymore.

How can I make better, stronger passwords?

If you’re concerned about your cybersecurity (or if you happen to use any of the passwords above), you don’t have to panic. It’s not too late to shape up your passwords and secure your accounts. If you know any of your current passwords won’t work, it’s time to change them. Be creative when coming up with new ones, and never repeat them across separate accounts. If you share passwords and a hacker breaks into one account, your others will fall like dominoes. When making new passwords, don’t use your own name or common phrases that others can guess. Include numbers that aren’t personal to you and consider replacing some of them with letters. Here’s an example we use here at T/V\ho2nnL It comes from a random sentence — a Metallica lyric. “Take my hand, off to never-never land.” To start, we took the first character from each word to get “tmhotnnl.” Then we added some symbols and numbers in place of letters. M becomes /V, the “to” from the original lyric becomes 2. Finally, we capitalized some of the letters to make a strong password that’s easy to remember: “T/V\ho2nnL”. Once you’ve come up with new passwords, you can install the Google Password Checkup extension to see how safe they are to use. This extension matches your passwords with databases of known leaks and breaches. Tap or click here to discover Google’s Password Checkup extension. Finally, set up two-factor authentication for any accounts that offer the feature. This prevents hackers from going too far without physical access to your phone. Tap or click here to see how to set up 2FA. For more protection and convenience, you can use an encrypted password manager like our sponsor Roboform. Not only does Roboform store your passwords with secure encryption, but it also creates stronger passwords for you that are less likely to get cracked. Save 50% on RoboForm Everywhere and manage your passwords with ease and security when you use discount code KIM50 at checkout! Somewhere out there, a hacker is waiting to try out all of the common weak passwords against your accounts. Don’t give them a chance, and change your passwords to something more robust. Your accounts will thank you for it.