If you use any of these passwords you need to change them now — here’s why

Passwords written down in a notebook
(Image credit: Shutterstock)

Using strong and unique passwords for each of your online accounts is highly recommended as it can prevent them from being hacked. However, even though most people are aware of this, many are still using weak passwords despite the security risk of doing so.

According to a new blog post from Cybernews, the incredibly simple “123456,” “12345” and “password” are some of the most used passwords today. Although these passwords are easy to remember, using one of them can put your accounts as well as your sensitive data at risk online.

The news outlet’s research team examined 56 million breached and leaked passwords from this year to find the weakest ones. Besides commonly used passwords like “123456” and “password,” they also found that many people use cities, animals, celebrity names, sports teams and even swear words in their passwords to make them easier to remember.

When it came to swear words, a** was used in almost 300,000 passwords while f**k was used in 79,000 passwords. Animals were also quite popular with “ant” used in 273,000 passwords followed by “cat” (122k), “rat” (100k) and “dog” (90k).

While you may want to use a word that’s easy to remember in your passwords, you actually want a password that is at least 12 characters long with a combination of letters, numbers and symbols. Of the 56 million passwords examined by Cybernews, only four percent were 12 characters long while only 28 million or around half were unique.

Weak passwords to avoid

If you're using any one of these passwords, you need to change them right now to avoid having your online accounts hacked. Instead, you should be using strong, complex and unique passwords for every site, service and app and we have more details on how you can do that below.

  • password
  • 123456
  • 123456789
  • guest
  • qwerty
  • 12345678
  • 111111
  • 12345
  • col123456
  • 123123

Seconds to crack

A hacker typing quickly on a keyboard

(Image credit: Shutterstock)

The main reason you want to use strong, complex and unique passwords is that they will be harder to crack by hackers. 

Even if you are as careful as possible, your passwords can still be leaked online after a business suffers a data breach. When this happens, your passwords will be hashed or scrambled and not stored in plain text. However, unlike with encryption, hashing gives the same results for the same word or string. For instance, if you use the word “cat” in your passwords, it will almost always be hashed the same way which allows hackers to crack your password more easily.

In a separate blog post detailing the top 200 most common passwords, NordPass found that “password,” “123456,” and “123456789” were the most popular passwords after looking through a 3 TB database. However, the firm's security researchers took things a step further by also including how long each of these weak passwords would take to crack.

Password, 123456, 123456789, qwerty and other passwords on their list can all be cracked in under one second. On the other end of the spectrum, a more complex password like “D1lakiss” would take hackers three hours to crack even though it was used by over 50,000 people. This password could be improved further by adding a few symbols and breaking up the word “kiss” which would be easily recognizable when hashed.

Why reusing passwords is so dangerous

A pair of hands using a tablet to log into an app.

(Image credit: mama_mia/Shutterstock)

Although you should be using strong and complex passwords instead of weak ones, it’s also important to avoid reusing your passwords across accounts.

Let’s say for instance you came up with a strong password that is still easy to remember and think it might be good enough to be your only password. While this might make sense at first, reusing passwords for different sites and services is one of the most dangerous things you can do. This is because once hackers get the password for one of your online accounts, they often try to see if it works with other services.

Password reuse is still one of the biggest cybersecurity problems around today but you can easily avoid it without spending hours coming up with complex passwords for each of your online accounts. If you do reuse your passwords, then you should drop what you’re doing and go through and change them now before you have your Facebook hacked or even worse, your bank account.

How to create strong, complex passwords for your online accounts

Although we mentioned earlier that you want to use 12 characters including uppercase and lowercase letters, numbers and symbols for your passwords, you don’t actually have to come up with passwords on your own. Instead, you can use a password generator to do this for you.

LastPass Free Password Generator

(Image credit: LastPass)

Fortunately, there are a number of excellent, free password generators available online from companies like 1Password, LastPass, Norton, Avast, Bitwarden and others. If these names sound familiar, that’s because many can be found on our list of the best antivirus software available as well as the best password managers. Sure, these companies want you to buy their paid products but you can use their free password generators to improve your online security for free.

Now that you’ve created strong and unique passwords for each of your online accounts, you’ll need a way to easily remember them. This is where a password manager comes into play. These services can securely store all of your passwords in one place and you can even access them on all of your devices. If you want to give using a password manager a try, there’s actually a free one that’s easy to use available right within Google Chrome. While you don’t want to store your most sensitive passwords – like those for your financial accounts – in your browser, you can use Google Password Manager first to see if a password manager may be for you. Likewise, you can also use a USB security key for two-factor authentication (2FA) for an extra layer of security when logging into your online accounts.

Although Google, Microsoft, Apple and other tech giants are trying to usher in a passwordless future, passwords aren’t going anywhere anytime soon which is why you want to ensure you are using strong and complex passwords as well as unique ones for each of your online accounts.

TOPICS
Anthony Spadafora
Managing Editor Security and Home Office

Anthony Spadafora is the managing editor for security and home office furniture at Tom’s Guide where he covers everything from data breaches to password managers and the best way to cover your whole home or business with Wi-Fi. He also reviews standing desks, office chairs and other home office accessories with a penchant for building desk setups. Before joining the team, Anthony wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Read more
Surfshark graphic of 2024 data breaches
Nearly 700 million American records were leaked in 2024
Best password managers
The best password managers in 2025
Holographic login above laptop keyboard
Yes, you can use your browser's password manager – here’s how to do it safely
A lock with cipher text in the background
Why improving your online privacy is the perfect New Year's resolution
A person typing on a computer while hackers use phishing to steal a file from their computer
It's Safer Internet Day – here are 5 tips to help you be safer online
Hacker using a stolen social security card
Your Social Security number is a literal gold mine for scammers and identity thieves — here’s how to keep it safe
Latest in Online Security
A magnifying glass on top of the Steam logo in a web browser
Valve just pulled a malicious game demo spreading info-stealing malware from Steam
A man filing his taxes electronically on a laptop
AI-powered tax scams are here - how to stay safe from deepfakes, phishing and more this tax season
MacBook Pro 2023
New Mac attack is tricking users into thinking their computer is locked — how to stay safe
Hacker using a stolen social security card
Your Social Security number is a literal gold mine for scammers and identity thieves — here’s how to keep it safe
An open lock depicting a data breach
Half a million teachers hit in major data breach with SSNs, financial data and more exposed — what to do now
Green skull on smartphone screen.
Malicious Android apps with 60 million installs bombarding phones with ads and phishing attacks — how to stay safe
Latest in News
Apple Watch Series 10
Future Apple Watch models could get a surprising new feature — what we know
NYTimes Connections
NYT Connections today hints and answers — Monday, March 24 (#652)
NYT Strands on a cellphone
NYT Strands today — hints, spangram and answers for game #386 (Monday, March 24 2025)
iPhone 16 Pro vs iPhone 16 Pro Max in hand showing displays
Forget iPhone 17 — iPhone 18 could get this huge upgrade
The new Husqvarna iQ series robot lawn mower.
Husqvarna’s new robot mowers offer GPS for less
Rendered images of rumored foldable iPhone.
Foldable iPhone report just revealed key details — here's what we know