Infographic: Common passwords by country

World map showing different passwords used in various countries.

“123456” is the most-used password in most places around the world. But once you sort frequently used passwords by country or language, you’ll start seeing very different results. 

Ones that are easy to type—such as “123456”—are the most universal. And some differences among bad passwords are simply a matter of language: “password” ranks high among English speakers, while for German speakers it’s “passwort”; “qwerty” is replaced with “azerty” in France, because of how French keyboards are arranged.

It all becomes more interesting when cultural differences influence the use of bad passwords. Fans of Juventus, an Italian football team, might find their use of “juventus” as a satisfactory choice of password. Unfortunately, among Italian internet users, it’s the fourth most common one. “Anathema” might sound relatively unusual as a password—unless you’re in Turkey, where the British band Anathema is apparently so big that it’s among the top 10 most common passwords.

For this graphic, we’ve selected a popular password in various countries (nearly all are within top 10), many of which are particular to that country and show how cultural factors influence password creation. 

Note that much of our data comes from a third-party study of leaked passwords, courtesy of Github user Ata Hakçıl, and is based on the language of the associated websites. We used these languages to infer countries. Data was not available for all countries/languages.

Poor password selection is widespread

To find out how people approach password setting, ExpressVPN recently conducted a survey in collaboration with mobile poll provider Pollfish to ask 1,000 U.S. adults about their password selections. We have yet to release the full findings, but here is a sneak peek into the responses we received:

  • The average person uses the same password for six websites and/or platforms
  • 43% of people say their loved ones would likely be able to guess their online passwords
  • 2 in 5 people admit using a variation of their first and/or last name in online passwords they create

These findings reflect poor cybersecurity practices—but at the same time, 81% of respondents say they are confident in the security and privacy of their current online passwords.

Personal details are frequently included in passwords, according to our survey. Here are some of the results:

Common personal details% of respondents who say their passwords contain these details
First name42.30%
Last name40.00%
Middle name31.60%
Date of birth43.90%
Social Security number30.30%
Phone number32.20%
Pet’s name43.80%
Child’s name37.50%
Ex-partner’s name26.10%

How to use stronger passwords

This World Password Day (May 5), we remind you that common passwords are bad passwords, because a hacker can easily guess them. A strong password is one that is…

  • Long: Most experts say that a password should be at bare minimum eight characters long, and ideally 12 to 15 characters. Each additional character makes it exponentially harder to crack.
  • Random: This means your password should not have meaning but be made up of a string of random letters, numbers, and symbols. It’s easy to create a password like this with a random password generator; you can find them online.
  • Unique: For maximum safety, you should use a different password for every online account you have. If you repeat passwords or follow a formulaic pattern, in the event that someone finds out one of your passwords, they could use it to try to hack your other accounts, too.

It’s true that if you follow these rules, your passwords will be strong but also virtually impossible to remember. This is why password managers are highly recommended. They store your passwords in an encrypted vault—you only have to remember a single primary password to access them.

Another easy way to protect your online privacy and security is by downloading a VPN app. Just turn it on, and it gives you a new IP address while encrypting your traffic. This makes it harder for intruders to see what you’re doing online.

Phone protected by ExpressVPN.
Protect your privacy with the best VPN

30-day money-back guarantee

Various devices protected.
Take the first step to protect yourself online. Try ExpressVPN risk-free.
What is a VPN?
Penny is an editor of the blog.