Checklist 422: Every Day Is World Password Day

National Embarrassment: “123456” Tops Corporate & Personal Password Lists in 2024, NordPass & Cybernews Reveal Security Crisis

A week after World Password Day, a new wave of password data has revealed a staggering truth: people—especially within corporate environments—are still using dangerously weak passwords. Findings published by NordPass, Cult of Mac, and ZDNet paint a sobering picture of our collective digital hygiene, showing that password practices haven’t improved despite endless warnings.

Top Passwords of 2024: A Comedy of Errors

According to NordPass, which released both Personal and, for the first time, Corporate top 10 password lists for 2024, there is shocking overlap—and not in a good way.

Top 10 Personal Passwords (NordPass, 2024)

1. 123456
2. 123456789
3. 12345678
4. password
5. qwerty123
6. qwerty1
7. 111111
8. 12345
9. secret
10. 123123

Top 10 Corporate Passwords (NordPass, 2024)

1. 123456
2. 123456789
3. 12345678
4. secret
5. password
6. qwerty123
7. qwerty1
8. 111111
9. 123123
10. 1234567890

“In five out of the six years NordPass has been doing its study, ‘123456’ was ranked as the most common password.” – Cult of Mac

94% of Passwords Are Not Unique

ZDNet, citing research from Cybernews, found that a staggering 94% of leaked passwords are reused, further compounding the security risks.

• Cybernews analyzed over 19 billion leaked passwords
• 1234” appeared in 727 million entries (≈4%)
• “123456” showed up in 338 million entries
• “password” and “admin” have remained among the most used since at least 2011
  

Why “admin” still shows up? Many devices and systems ship with “admin” as the default login. The problem is that too many users never change it, especially in business and industrial environments.

A Personal Password Journey

The podcast host shared a relatable anecdote involving a bank migration, login hurdles, and the eventual creation of a strong password. While frustration was palpable, the experience underlined a vital point: use a password manager.

Despite technical hiccups, the host ultimately created a secure, unique password, then manually stored it in a password manager—earning approval from the software for good practices like password length, special characters, and non-reuse.

Final Thoughts

Until biometrics or passkeys become truly ubiquitous, password hygiene remains our first line of defense. As long as “123456” leads the charts, World Password Day isn’t just a reminder—it’s a cry for help.

Still Not Getting It: Even Intelligence Officials Caught Reusing Weak Passwords, WIRED and NordPass Reveal

As cybersecurity experts around the world mark another World Password Day in vain, new revelations show that even high-ranking U.S. officials have been part of the password problem—confirming fears that weak and reused credentials continue to threaten personal, corporate, and even national security.

Only 6% of Passwords Are Unique, Says Cybernews

According to Cybernews, just 6% of global passwords are unique, while the remaining 94% are reused or easily guessable. This includes shockingly lazy choices like “123456,” “password,” and “admin,” still topping the lists of both personal and corporate use, as confirmed by NordPass and reported by Cult of Mac and ZDNet.

WIRED Exposé: Tulsi Gabbard Reused Weak Passwords for Years

In a deeply researched report, WIRED revealed that Tulsi Gabbard, now the U.S. director of national intelligence (DNI), reused weak passwords across multiple personal accounts for years—including during her congressional tenure.

“Leaked records reviewed by WIRED reveal that Gabbard failed to follow basic cybersecurity practices on several of her personal accounts…”

The timeline is alarming:

• Gabbard served in the House of Representatives from 2013 to 2021
• She sat on critical committees including:
  • Armed Services
  • Intelligence and Special Operations
  • Foreign Affairs
• Yet, from at least 2012 to 2019, she reportedly used the same password across multiple email addresses and services
  

While WIRED notes there’s no indication she used those passwords on government accounts, the potential exposure is still significant—especially in a political environment where security practices have been inconsistent at best.

Industry Experts: Password Habits Still Stagnant

Despite repeated warnings and ever-growing lists of breaches, most users haven’t changed their ways. Cult of Mac emphasizes that, even after six years of tracking password trends, NordPass found little to no improvement.

“The sad truth is that people aren’t getting better about this.” – Cult of Mac

In fact, many of the top 10 corporate passwords in 2024 were identical to the top 10 personal passwords, proving that bad password habits aren’t limited to average users—they persist in professional environments where stakes are higher.

Password Security Isn’t Just Personal—It’s Political

If a senior intelligence official can’t manage password hygiene, what hope is there for the general public?

This story is more than a digital hygiene lesson—it’s a wake-up call about the risks posed by outdated practices at the highest levels of influence. As the podcast host bluntly put it:

“You never know who might need to hear it… your kids… your doctor’s office… the U.S. director of national intelligence…”

What You Should Do: Expert Recommendations

• Use a password manager to generate and store complex passwords
• Avoid password reuse, even for non-critical accounts
• Enable multi-factor authentication (MFA) wherever possible
• Regularly check for compromised credentials via trusted tools

Until biometrics and passwordless authentication become mainstream, strong, unique passwords are your best line of defense. Whether you’re a parent, a professional—or the DNI—there’s no excuse for using “123456” in 2025.