No matter how often people are warned not to, they still choose daft, easily guessable passwords. If you’re using one of the 20 passwords on the list below, you’re putting yourself at enormous risk, because anyone attacking the service or device in question will likely try these commonly used passwords first. Here, then, are the worst passwords to use in 2022 – followed by some advice on how to choose stronger passwords.
The worst passwords of 2022
The list below comes from the security firm Lookout. These are the 20 most common passwords found in data leaks that were published on the so-called Dark Web:
How to choose a strong password
By far the safest way to deal with passwords is not to try to remember them yourself – that will inevitably lead to you choosing weak passwords and/or reusing the same passwords on different sites, both of which are terrible for your security.
Instead, use a password manager. I’d strongly recommend Bitwarden – you can read my Bitwarden review here. This includes a strong password generator that will ensure your passwords are difficult to crack and then store them all for you. It works on PC, Mac, iPhone, Android and all manner of other devices, and it’s free.
I wouldn’t recommend saving your passwords to a web browser. However, if you want to continue using your browser or another means of storing passwords, at least make sure those passwords are strong.
Andy Johnson’s article suggests several good methods for choosing strong passwords. Alternatively, LastPass has a strong password generator here, or you can use the one in your browser’s password manager. For instance, if you have Google Chrome’s password manager turned on, it will normally offer to create a strong password for you when you click into a field asking you to choose a new password.
Want to check if your password has already been leaked in a data breach? Pop your email address into the brilliant HaveIBeenPwned (don’t worry, it’s not an adult website) and you’ll soon discover if it’s been leaked. Make sure to change the password on any accounts that HaveIBeenPwned reveals have been breached – and on any sites where you might have re-used the same breached password.