The Basics

If One of These 25 Passwords Are Yours, Time to Change It!

Written by Charlie

Here are the top 25 worst passwords of 2020. Check to see if you are using any of these and make sure you change them quickly – whether it is for travel sites, membership sites, retail, or financial!

Even though coronavirus has taken the lead in all news stories for the year, online security is still nothing to overlook. Especially with so many people spending more time than ever online for work, school, and play, it is very important to make sure you have used proper security in the selection of your passwords. Unfortunately, many people still use passwords that are easy to guess or crack and that can lead to a whole lot of problems!

If One of These 25 Passwords Are Yours, Time to Change It!

I know many are not traveling but that does not mean you should not be keeping an eye on your frequent flyer or hotel accounts for breaches or points that are not there anymore!

One great way to secure your accounts is to use two-factor authentication, if the site allows for that. This involves getting a security key from a program that generates it or using another device to confirm that you are logging in. Unfortunately, most travel sites do not use this but at least IHG stopped using 4 digit passcodes for their accounts!

Anyway, here is the 2020 list of worst passwords from NordPass who compiled it from a database containing over 250 million passwords! To see the full list and their methodology, visit the site. Here are the top 25 – if you see yours here, time to change it!

  1. 123456 – up 2 positions from last year
  2. 123456789 – up 3 positions from last year
  3. picture1 – new one on the list
  4. password – up 5 positions from last year
  5. 12345678 – up 6 positions form last year
  6. 111111 – up 17 positions from last year
  7. 123123 – up 18 positions from last year
  8. 12345 – down 1 position from last year
  9. 1234567890 – up 11 positions from last year
  10. senha – new to the list (Portuguese for “password”)
  11. 1234567 – up 12 positions from last year
  12. qwerty – down 10 positions from last year
  13. abc123 – up 16 positions from last year
  14. Million2 – new to the list
  15. 000000 – up 28 positions from last year
  16. 1234 – down 15 positions from last year
  17. iloveyou – down 14 positions from last year
  18. aaron431 – new to the list
  19. password1 – up 29 positions from last year
  20. qqww1122 – new to the list
  21. 123 – up 199 positions from last year!
  22. omgpop – new to the list
  23. 123321 – up 39 positions from last year
  24. 654321 – up 36 positions from last year
  25. qwertyuiop – down 22 positions from last year

It is somewhat funny to me that “qwerty” type passwords dropped – my guess is that many don’t realize what that means. 🙂 Also funny to me is the “654321” – like the people using that thought they were being incredibly clever even though it took less than a second for that to be broken!

Most of these passwords took less than a second to crack with “aaron431” and “Million2” taking 3 hours to crack.

Bottom Line

When making passwords online, browsers like Safari will suggest very complex passwords and then keep them in the browser or the keychain for instant recall on your devices. If you want to make them yourself, the longer the better with a combination of letters (upper and lower), numbers, and special characters. Try to avoid using sequential numbers or letters and avoid names.

You can also use password managers to help you access your various online systems. Anything is better than using an easy-to-use password like the ones above!

Sure, that makes it harder to remember but also harder to crack! Years ago, I worked for a defense contractor. We had to rotate passwords every few weeks and use different ones for the each of the various systems we had access to. The crazy thing is that even at this type of place, colleagues had their passwords for the various secret and top secret access points on sticky notes taped to their monitors!

Some of the links on Running with Miles are affiliate links that pay a commission if a purchase is made. Running with Miles is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to

About the author


Charlie has been an avid traveler and runner for many years. He has run in marathons around the world for less than it would cost to travel to the next town - all as a result of collecting and using miles and points. Over the years, he has flown hundreds of thousands of miles and collected millions of miles and points.
Now he uses this experience and knowledge to help others through Running with Miles.