The 20 Worst Passwords in America You Must Change Now

The 20 Worst Passwords in America—Change Yours Now

Passwords are still the weakest link in online security. Despite countless warnings, millions of users continue relying on simple, predictable passwords that hackers can guess in seconds. A new report from NordPass has revealed the 20 worst passwords in America, and if yours is on the list, it’s time to change it immediately.

Why Weak Passwords Are Dangerous

Cybercriminals use automated tools that test millions of common passwords in seconds. If your password is short, simple, or reused across multiple accounts, you’re a prime target. Hackers don’t need to “hack”—they just log in.

The 20 Worst Personal Passwords in the U.S.

According to NordPass, some of the most common (and insecure) personal passwords include:

• 123456
• password
• qwerty
• 111111
• abc123

If your password looks anything like this, attackers can guess it instantly.

Workplace Password Risks

The stakes are even higher at work. Weak employee passwords can expose entire company networks, opening the door for ransomware attacks and large-scale data breaches.

How to Protect Yourself

• Use a password manager to create and store strong, unique passwords.
• Enable two-factor authentication (2FA) with an authenticator app (not SMS).
• Adopt passkeys where available for passwordless logins.
• Never reuse passwords across multiple accounts.

Final Takeaway

If any of your passwords appear on the “worst” list, change them right now. Strong, unique passwords paired with 2FA are your best defense against hackers.