The 20 most common passwords leaked from data breaches — did yours make the list?

FILE - A Cyber Security application logo is displayed on a smartphone screen. (Photo Illustration by Avishek Das/SOPA Images/LightRocket via Getty Images)

The number of data breaches hit an all-time high in 2021, according to experts. When this happens, passwords for online accounts are commonly leaked on the dark web — putting individuals at risk for identity theft. 

Lookout, a firm offering security, privacy and identity theft solutions, recently published a list of the 20 most common passwords found in leaked account information. The list includes simple number combinations like "123456" and "111111" as well as easy-to-remember phrases such as "Password" and "Iloveyou."

People may use easy-to-guess passwords because they have too many to remember. Research from companies like NordPass has suggested that the average person has anywhere from 70 to 100 passwords. But NordPass, a password manager tool, says people often use the same password across different accounts or repeat certain elements of a password — rather than remembering each of them outright.

Research from the National Cyber Security Centre (NCSC) in 2021 showed that many use personal information for passwords to online accounts, including 15% who have used their pet's name, 14% who have used the name of a family member and 13% who have used a significant date — like a birthday or anniversary. 

Concern over password security has increased in recent years. Last year, there were 1,862 data breaches reported, according to the Identity Theft Resource Center’s 2021 Annual Data Breach Report. That figure was an all-time high and a 68% increase over reported breaches in 2020. 

This, while roughly 80% of people’s emails are leaked on the dark web as a result of data breaches, according to Lookout.

The Russian invasion of Ukraine has also brought heightened cybersecurity risks to U.S. homes and businesses. In the days leading up to Russia’s military assault, a series of cyberattacks targeted Ukraine's defense ministry and major banks

Loading Video…

This browser does not support the Video element.

Russia-Ukraine: Cybersecurity threats from Russia continue

Russia has launched a large-scale military invasion of Ukraine. LiveNOW from FOX's Mike Pache talks with Joseph Steinberg about the cybersecurity threats from Russia.

As many in the U.S. work from home, experts say Americans are more vulnerable as home networks and computers are often less protected than those at an office. Cybersecurity officials also point to recent Russian-linked cyberattacks, including against energy pipelines, federal government services, and even on hospitals and private corporations, as reasons for Americans to remain more vigilant over the coming days. 

20 most common passwords found on dark web from data breaches

  1. 123456
  2. 123456789
  3. Qwerty
  4. Password
  5. 12345
  6. 12345678
  7. 111111
  8. 1234567
  9. 123123
  10. Qwerty123
  11. 1q2w3e
  12. 1234567890
  13. DEFAULT
  14. Abc123
  15. 654321
  16. 123321
  17. Qwertyuiop
  18. Iloveyou
  19. 666666

How to make passwords more secure

First, cybersecurity experts suggest that individuals regularly ensure their computers, phones and other software are updated.

In general, the internet offers many guides on how to create a strong password — usually advising people to use eight or more characters, mix uppercase and lowercase letters, and add numbers and special characters. NordPass recommends making a password out of a sentence, such as the line of a favorite song or a random sentence. For example: "Zaragotnicetrousersonsalefor$49.99" or "Causeifyoulikedit,thenyoushouldhaveputaringonit."

Password generators can help brainstorm strong passwords.

NordPass says people should avoid using words you can find in the dictionary, especially if your password is made out of one word. It also recommends avoiding your name, birthdate or any other personal information — and don’t reuse the same password for other platforms. 

Individuals can also double-check that all passwords are secure by two-factor authentication where available, as it adds an extra layer for hackers to break through. 

This story was reported from Cincinnati.