Passwords are a simple method of protecting data, but care must be taken in creating and using them because weak passwords are vulnerable to cyberattacks. This Cybersecurity Awareness Month, see below for password security tips and resources including a list of worst passwords of 2021.

Password security tips

Create passphrases

The FBI recommends using passphrases in place of passwords. Your passphrase could include the lyrics of a song, a quote, a statement, or another set of words that are related. Secure the passphrase by adding symbols and numbers, mixing up the words, and including both upper and lowercase letters.

Save your passphrases to a password manager

Passwords for every account and device should have a unique password, which quickly becomes too many passwords to remember. Password managers do the work for you by storing your passwords so that you can focus on creating and using secure passwords that you don’t have to commit to memory. You can also use your password manager to generate long, unique passwords for you every time you sign up for an account.

Review and update your passwords

Do you use the same password/passphrase for more than one account or device? Are your passwords strong? Review your passwords and create new ones as necessary to ensure you have a secure login for all your accounts and devices.

Enable MFA

Multi-factor authentication (MFA) verifies your identity when logging into one of your accounts and adds an extra layer of protection, even if your password is hijacked.

Users must provide two out of three types of authentication in these categories:

Something you know – Passwords or pre-planned responses fall under this category.

Something you have – This could include a smart card, key, or message sent to the user with a PIN.

Something you are – Authentication could include fingerprint scans, facial recognition, or other biometric identification.

Enabling MFA is well worth the few seconds it takes to log in since people who use MFA are at a 99% lower risk of being hacked.


Password security resources

Creating, updating and managing all your passwords for all your accounts and all your devices is a big undertaking. View the resources below for faster methods of checking your password’s security, supplementing your passwords, and learning about what types of passwords to avoid.

Password strength checkup

If you want to check the strength of your passwords but aren’t sure where to start, consider entering them into a secure password checker. LastPass’s password checker will indicate the security of your password and provide tips for a stronger password. Kaspersky’s password checker will also tell you if your password can be found in databases of leaked passwords.

Worst passwords of 2021

NordPass compiled a list of most common passwords of 2021 in partnership with a third-party company specializing in data breach research. A four-terabyte database was analyzed to determine the 200 most common passwords of 2021. See below for common themes from the list. 


Numerical passwords are often selected when users are in a hurry and do not want to take the time to create a secure password. The worst password in this list was “123456,” which was used by approximately 2.5 million people and required less than a second to hack. The second-worst password was an extension on the first, “123456789.” Other commonly used passwords ranking in the top 10 for most commonly used were “11111” and “123123.”


If you are a sports fan, you may have more in common with other sports enthusiasts than the game. Unfortunately, passwords with no more than the name of a favorite sport spelled out in lowercase are increasingly common, compared to the number of users for sports passwords from 2020. “Football” was a password for 1.5 million users in 2021, and ranked #60 in the worst passwords list. “Baseball” was used by more than one million people and would take a hacker less than a second to breach.


Is your password comprised of the name of a family member? Common names for passwords are Michael, Daniel, Ashley, Charlie, and Jessica, which can all be hacked in two minutes or less. Don’t let a first name be all that stands between a hacker and your online security.


Avoiding passwords such as “1password” and “thisisapassword,” is a no-brainer, but don’t assume passwords with supposedly random letters are safe. Letter-only passwords that were used by millions of people last year include “qwertyuiop” (#18 out of 200 most commonly used passwords), “qwertyuiop,” and “asdasd.” The origin of these passwords are clearly from lines on the keyboard.

View the full  2021 “Top 200 Most Common Passwords” list by NordPass:

Quanterion offers assistance with managing user identities, and can help your organization determine the required level of protection for your system(s) and data. Risk assessments, compliance framework support, and assistance with security policies are examples of other cybersecurity services Quanterion can provide customized to your organization’s needs.

This resource was provided by Quanterion Solutions for Cybersecurity Awareness Month. Access additional Cybersecurity Awareness Month resources.

Explore Quanterion Solutions’ customizable cybersecurity services.