Superman, “Star Wars” among the worst passwords of 2021

Last updated on August 7th, 2022

Password manager service NordPass has published its annual list of the worst passwords of 2021. Like previous years’ lists, it’s full of the usual suspects. Unlike a few other years, where odd “trends” emerged (passwords based around Superman/Batman, “Star Wars,” etc.), none are evident in this year’s entries. There’s not even anything related to the pandemic—the top entries are just bad and uncreative.

The top 25 worst passwords of 2021

Here’s this year’s global 25 worst passwords:

1. 123456
2. 123456789
3. 12345
4. qwerty
5. password
6. 12345678
7. 111111
8. 123123
9. 1234567890
10. 1234567
11. qwerty123
12. 000000
13. 1q2w3e
14. aa12345678
15. abc123
16. password1
17. 1234
18. qwertyuiop
19. 123321
20. Password123
21. 1q2w3e4r5t
22. iloveyou
23. 654321
24. 666666
25. 987654321

Observations

NordVPN also has lists of the worst passwords by country. Along those lines, the United States’ list includes some sports: “baseball” (#18), “football” (#20), and “soccer” (#23). In comparison, the top of United Kingdom’s list has soccer references: “liverpool” comes in at #3 (and “liverpool1” at #8), and “arsenal” appears at #10. Canada’s favorite sport comes in at #11 (“hockey”) on that country’s list.

A few comic characters appear:

• Superman is the most popular comic character, surprisingly. The Man of Tomorrow appears on the global list at #81 (“superman”), on the United States’ list at #34 and (as “superman1”) #164, and at #26 on Canada’s list (as “superman”).
• Batman appears at #128 on the US list and on #121 on the Canada list (as “batman”).
• Spider-Man appears on #143 on Canada’s list (“spiderman”).
• Snoopy appears on the US list at #111, and on the Canadian list at #130 (both as “snoopy”).
• That’s it. Surprisingly, no Iron Man, Hulk, or the Avengers, or any other superheroes that were in popular conversation in 2021 (the Scarlet Witch, Falcon, Shang-Chi, etc.).

Expanding to fictional characters in general:

• “Pokemon” appears at #111 on the global list, #144 on the US’ list, and #34 on Canada’s list (all as “pokemon”). Wonder why the franchise ranked so high on the Canadian side.
• “Naruto” comes in at #135 globally (and #185 on Canada’s list), as “naruto.”
• “Star Wars” comes in at #166 globally, on the US list at #145, and on Canada’s list at #99 (all as “starwars”).
• Winnie-the-Pooh appears on the US list at #157 (“poohbear”). His pal Tigger is more popular, appearing on the US list at #35 and the Canadian list at #37 (as “tigger”).
• Mickey Mouse (presumably) appears at #90 on the US list and at #135 on the Canadian list (as “mickey”).
• Tinker Bell appears at #137 on the US list (“tinkerbell”).
• Boo Boo appears at #93 on the US list and at #178 on the Canadian list (as “booboo”). While it’s probably a reality show reference (or a generic reference to a mistake/injury), I’ll count it here as “Yogi Bear’s pal.”

The fictional characters chosen are interesting. I wonder if they’re indicative of these passwords being created either by someone fairly young (the anime references) or older (the references to Snoopy, Winnie-the-Pooh, and Tinker Bell)?

The usual password security advice

Once again, here’s my usual password security advice:

• Use a password manager, such as Bitwarden, KeePass, 1Password, or LastPass. Password managers can also create and store strong unique passwords for each site.
• Avoid using popular or famous phrases, religious quotes, catchphrases, etc. as passwords or passphrases. While “WearAMask” and “GetVaccinated” are important ideas, they make for lousy passwords.
• Don’t use Facebook (or another social network) as a login for websites. Just create a new password for the site in question. You’ll also reduce your reliance on Facebook.
• Don’t reuse passwords on more than one account. Using the same password on more than one site makes password breaches even riskier.
• Use two factor authentication if possible. Two factor (or two step) authentication helps beef up security on sites, by requiring an additional step (and separate piece of information) to log in. Google Authenticator and Authy are two popular authentication apps; I myself use Authy.

Image by Gerd Altmann from Pixabay