According to the data provided by the NordPass password manager, nearly 70% of the most popular passwords people use can be hacked in less than a second.

Here are the top 10 passwords of 2019 along with the time it takes to hack them and the number of times they've been exposed in various data breaches. 

Top 10 Most Popular Passwords-2019
Password How long does it take to hack? How many times has it been exposed?
12345 Less than a second 2,380,800
123456 Less than a second 23,547,453
123456789 Less than a second 7,799,814
test1 Less than a second 13,518
Password Less than a second 130,999
12345678 Less than a second 2,938,594
zinch Less than a second 14
g_czechout 12 days Never
asdf Less than a second 315,892
qwerty Less than a second 3,912,816

"Millions of people still use generic, popular, and widely used passwords. While these might be easier to remember, people are doing hackers a huge favor by using them, as it will only take a second to crack such a weak password," says Chad Hammond, a security expert at NordPass.

How do hackers crack these passwords?

"While hackers use many effective techniques, the most common is the so-called ‘brute-force’ attack,” Hammond said. “It's an automated, common, and effective method to hack people's passwords.”

Wondering how a brute-force attack works? First, hackers check if your password is among the most popular. They will then check all the known information that you might use for your password, such as your name, address, favorite band, sports team, or your pet's name. There is also a program that will tweak this information by adding more data, like numbers or special symbols. Hackers will also translate words into Leetspeak (where “password” becomes “p422W0Rd”) or scan rainbow tables, which are vast sets of tables filled with hash values pre-matched to possible plain text passwords. Hackers will also check if your other accounts have been breached and whether you’ve reused the same password for another account.

However, there are some security solutions to protect your accounts from such attacks, according to Hammond.

  1. Use a password generator

Password generators are great tools that can generate complex passwords in seconds,” he said. “Sadly, they are still massively underused. Recent research by Kaspersky suggests that a whopping 83% of respondents make up their passwords instead of using some sort of tool that will do it for them.”

  1. Review all accounts and delete ones that are no longer in use

If a small, obscure website ends up breached, users might never even hear about it. Individuals can visit to check if their email has ever been compromised.

  1. Use 2FA when possible

Whether it's an app, biometric data, or hardware security key, accounts will be much safer with an extra layer of protection.

  1. Make sure to regularly check accounts for suspicious activities

If there’s anything unusual at all, the password should be changed immediately.