Most common passwords around the world 2024

Privacy news
5 mins

World map showing different passwords used in various countries.

“123456” is the most-used password in most places around the world. But once you sort frequently used passwords by country or language, you’ll start seeing very different results. 

Ones that are easy to type—such as “123456”—are the most universal. And some differences among bad passwords are simply a matter of language: “password” ranks high among English speakers, while for German speakers, it’s “passwort”; “qwerty” is replaced with “azerty” in France because of how French keyboards are arranged.

It all becomes more interesting when cultural differences influence the use of bad passwords. Fans of Juventus, an Italian football team, might find their use of “juventus” as a satisfactory choice of password. Unfortunately, it’s the fourth most common among Italian internet users. “Anathema” might sound relatively unusual as a password—unless you’re in Turkey, where the British band Anathema is apparently so big that it’s among the top 10 most common passwords.

[Watch football live streams with a VPN to enjoy every match securely—and often for free]

For this graphic, we’ve selected a popular password in various countries (nearly all are within the top 10), many of which are particular to that country, and show how cultural factors influence password creation. 

Note that much of our data comes from a third-party study of leaked passwords, courtesy of GitHub user Ata Hakçıl, and is based on the language of the associated websites. We used these languages to infer countries. Data was not available for all countries/languages.

CountryMost used password
Hong Kong5201314
Spanish-speaking regionsmustang73


Poor password selection is widespread

To find out how people approach password setting, ExpressVPN recently conducted a survey in collaboration with mobile poll provider Pollfish to ask 1,000 U.S. adults about their password selections. We have yet to release the full findings, but here is a sneak peek into the responses we received:

  • The average person uses the same password for six websites and/or platforms
  • 43% of people say their loved ones would likely be able to guess their online passwords
  • 2 in 5 people admit using a variation of their first and/or last name in online passwords they create

These findings reflect poor cybersecurity practices—but at the same time, 81% of respondents say they are confident in the security and privacy of their current online passwords.

Personal details are frequently included in passwords, according to our survey. Here are some of the results:

First name42.30%
Last name40.00%
Middle name31.60%
Date of birth43.90%
Social Security number30.30%
Phone number32.20%
Pet’s name43.80%
Child’s name37.50%
Ex-partner’s name26.10%

How to use stronger passwords

This World Password Day (May 5), we remind you that common passwords are bad passwords because a hacker can easily guess them. A strong password is…

  • Long: Most experts say that a password should be at a bare minimum of eight characters long and ideally 12 to 15 characters. Each additional character makes it exponentially harder to crack.
  • Random: This means your password should not have meaning but be made up of a string of random letters, numbers, and symbols. It’s easy to create a password like this with a random password generator; you can find them online.
  • Unique: For maximum safety, you should use a different password for every online account you have. If you repeat passwords or follow a formulaic pattern, if someone finds out one of your passwords, they could also use it to try to hack your other accounts..

If you follow these rules, your passwords will be strong and virtually impossible to remember. This is why password managers can be very useful. They store your passwords in an encrypted vault—you only have to remember a single primary password to access them.

How to keep your passwords secure?

  • Multi-Factor Authentication (MFA)

Instead of relying entirely on a single password to log into your online accounts, multi-factor authentication (MFA) or two-factor authentication (2FA) adds an additional layer of security by requiring another layer of authentication before proceeding. 

An MFA or 2FA might come in the form of a one-time code sent via text message and email or through biometric means like facial and fingerprint scanning. 

  • Use Password Managers

A password manager is software that stores your passwords in an encrypted vault. Most password managers also have a generating feature that helps you create strong and robust passwords based on your requirements. 

  • Virtual Private Networks (VPNs)

While a password manager protects passwords in storage, a VPN protects them while they’re in transit. VPNs encrypt and anonymize your internet connection, preventing your passwords from getting intercepted by malicious public Wi-Fi hotspots or compromised routers. VPNs can also prevent DNS address highjacking attacks from forwarding you to fake websites. 

  • Check if your email has been leaked

Sites like allow users to see if their email addresses or phone numbers have been compromised in data breaches. Simply put your email address or phone number in, and the site will tell you all the apps or services you’ve used that experienced data breaches. 

  • Be careful who you trust

Be cautious when sharing credentials with other people, regardless of whether they’re friends or family members. If you have to share passwords, avoid sharing them through text messages or email. Instead, use secure methods like a password manager’s integrated sharing function.

  • Don’t save your passwords on your phone, tablet, or PC

Your phone, tablet, and PC all run the risk of being hacked into, so avoid saving your passwords on these devices. Instead, use a password manager to store and manage your passwords. 

  • Lie on your security questions

Instead of putting in your mother’s maiden name or pet’s name or answering where you went to high school, lie on security questions. Many answers to security questions are either guessable or easy to find the answers to.

FAQ: About most common passwords

What are the most common passwords hackers leak on the dark web?
What is the most hacked password?
How do hackers get passwords?
What are the most common 4-digit passwords?
What are the safest passwords?
Phone protected by ExpressVPN.
Protect your privacy with the best VPN

30-day money-back guarantee

Various devices protected.
Take the first step to protect yourself online. Try ExpressVPN risk-free.
What is a VPN?
Vanessa is an editor of the blog.