Passwords to avoid at all costs: Aussies warned of most dangerous for 2023 that can be cracked in seconds


Australia’s most common password takes two minutes for a hacker to crack, which is much higher than the global average of less than one second.

The world’s most popular password remains the deeply insecure numerical phrase of ‘123456’. More than 4.5 million people use the very easily guessed number chain, according to analysis of leaked passwords by global password manager NordPass.

It was the second-most-common password for Australians (tut tut) in the review of 10.9TB of publicly available databases, including those on the darkweb guessed by cybercriminals who can be seeking to infiltrate your online identity and often your finances.

Head of product growth at NordPass Gediminas Brencius told Yahoo Finance Australians who might think they are making their passwords more secure by simply whacking on some extra digits are making a serious mistake.

Password hacker looking at a computer.

Passwords are a funny thing. On average we have about 100 now, which can be hard to keep track of, but if yours is on this list – change it immediately. (Credit: Getty)

Do you have a story to tell? Contact

“Special characters don’t provide value when a sequence of them is added at the end of a password like “Password123” or when letters are replaced with symbols like “P@ssw0rd”, as automatic password cracking can include such changes and add simple number sequences at the end,” he said.

“Numbers and special characters strengthen the passwords only when they are added randomly.”

Aussies appear to have bucked the numerical-sequence trend (which accounts for almost a third of the world’s most popular passwords). Instead the word ‘banned’ topped our list.

If you have any of the following passwords you should change them immediately.

Australia’s 20 most dangerous passwords for hackers

1. Banned – 2 minutes to crack

2. 123456 – less than a second to crack

3. Admin – less than a second to crack

4. password – less than a second to crack

5. 1234 – less than a second to crack

6. qwerty123 – less than a second to crack

7. 12qwasZX – less than a second to crack

8. 12345 – less than a second to crack

9. 12345678 – less than a second to crack

10. qwerty – less than a second to crack

11. Qwerty123 – less than a second to crack

12. 123456789 – less than a second to crack

13. Starwars29 – 3 seconds to crack

14. welcome11 – 2 seconds to crack

15. ******** – less than a second to crack

16. Deadman01 – one minute to crack

17. Password1 – less than a second to crack

18. 111111 – less than a second to crack

19. Password – less than a second to crack

20. Abc123 – less than a second to crack

Brencius said to have the most secure password you should use a random one “consisting of at least 20 characters, including uppercase, lowercase letters, as well as symbols and numbers”.

He said passphrases – basically a sentence all mashed up together which is longer and sometimes easier for people to remember – are more secure than a simple word but only because “they create a longer password”.

“In general, just like passwords, passphrases can be very secure or not secure at all. It completely depends on the specifics of the passphrase chosen. If done properly, a passphrase has the potential to be plenty secure,” he said.

The least-secure passwords for Australians appeared to be used for streaming services – likely because they were generally shared with others – while financial services tended to have the highest password strength.

This is good considering scams cost Aussies a record $3.1 billion last year.

The annual Cyber Threat Report alarmingly revealed this week that there is a cybercrime reported in Australia every six minutes, but the true number is feared to be much higher.


Australians are a big target for cybercriminals given our wealth and high number of internet users.

The Australian Signals Directorate received 94,000 reports of cybercrimes over the past year, a 23 per cent jump from last year. Business email compromise cost the average victim $39,000.

Millions of Australians have fallen victim to data breaches, with customers of huge companies like Optus, Medibank and Dymocks having data stolen and leaked.

Interesting password facts

  • The average user has 100 different passwords

  • 18 per cent of items for sale on the dark web are online accounts with emails and passwords

  • 86 per cent of web app attacks use stolen credentials

  • 24 billion credentials have been breached since 2016

How to make a safe password

Use complex passwords: Your password should be at least 20 characters long and include a mix of uppercase and lowercase letters, numbers, and special symbols. Avoid using easily guessable information like birthdays, names, or common words.

Never reuse passwords: Do not fall into the trap of using the same password across multiple sites or services. If one account gets compromised, all your accounts could be at risk.

Check your passwords: Take the time to regularly assess your password health. Identify weak, old, or reused passwords and improve with new and complex ones for a safer online experience.

Use a password manager: Generate and store complex and unique passwords for each of your accounts with the help of a password manager. The tools can generate, retrieve and store complex passwords for you. Check out an explainer on six different options here.

Follow Yahoo Finance on Facebook, LinkedIn, Instagram and Twitter, and subscribe to our free daily newsletter.

Yahoo Australia

The post Passwords to avoid at all costs: Aussies warned of most dangerous for 2023 that can be cracked in seconds First appeared on

Leave A Reply