These are Israel's most common passwords of 2021

NordPass on Wednesday released a 2021 report on the most popular passwords in Israel and 49 other countries.

The most common password in Israel is “123456.” Moreover, it is the top password in 43 countries out of 50 analyzed, and is also the most popular one worldwide.

In Israel, both men and women mostly tend to use various keyboard key combinations and strings of numbers, or various random terms for passwords.

According to the report, “123456,” “shalom,” “password1” are among Israel’s 200 most common passwords of 2021.

This year, research published by NordPass features not only the top 200 passwords globally, but also covers the top 200 passwords of 50 different countries. Furthermore, readers can also explore the most common passwords among different genders in all the researched countries.

These are the top 20 most common passwords in Israel:

• 123456
• 123456789
• 1234
• 12345
• 123123
• 12345678
• password
• 1234567
• 111111
• 1q2w3e4r
• 123321
• sha256
• 1q2w3e
• 1234567890
• 121212
• 1qaz2wsx
• 123123123
• qwerty
• q1w2e3r4
• 112233

Overall, Israel has similar trends as many other countries.

Easy number combinations, such as the winning “123456,” are popular everywhere in the world. In fact, “123456” was the most popular password in 43 out of the 50 countries analyzed, including Israel, however, the top passwords in the remaining seven countries were not that much different. In India the top password was the word “password,” Indonesia — “12345,” Japan — “password,” Portugal — “12345,” Spain — “12345,” Thailand — “12345,” Ukraine — “qwerty.”

“Qwerty” and variations of it, or the localized versions of qwerty (for example, “qwertz” in Germany) are also popular in all analyzed countries.

Women in Israel tend to use positive words for their passwords. These include “loveyou,” “lovelove,” and “butterfly.” This is similar to many other countries where mostly women tend to use such words for passwords.

The NordPass research also illustrates how weak the top passwords are, indicating the time it would take the hacker to crack that password. While the “time to crack” measure is indicative, and depends on various technological aspects, it’s a good reference point on how poor these passwords are. Overall, in Israel, 171 passwords out of the 200 can be cracked in less than a second. That’s 85.5%, whereas globally, the percentage is 84.5%.

“Unfortunately, the passwords keep getting weaker and people still don’t maintain proper password hygiene,” says Jonas Karklys, CEO of NordPass. “It’s important to understand that passwords are the gateway to our digital lives, and with us spending more and more time online, it’s becoming enormously important to take better care of our cybersecurity.”

Found your password on the “most popular” list?

Jonas Karklys, CEO of NordPass, advises to follow a few simple steps in order to improve your password hygiene.

If you found your password on the list, make sure to change it to a unique and strong password. Ideally, use a password generator online or in your password manager app to create a truly complex one.

Store your passwords in a password manager. Nowadays, an average person has around 100 accounts, therefore, it would be impossible to remember all the passwords if they are indeed unique and complex. Password managers are a great solution for that, however, make sure to use a trustworthy, reliable, and, ideally, third-party audited provider.

Use multi-factor authentication. Whether it’s biometric authentication, phone message, or a physical key, it’s always a good idea to add an additional security layer on top of your password.

The list of passwords was compiled in partnership with independent researchers specializing in research of cybersecurity incidents. They evaluated a 4TB-sized database.

Researchers classified the data into various verticals, which allowed them to perform a statistical analysis based on countries and gender. With regard to the gender vertical, the researched data was classified by gender only if it included a gender key. If the breached data didn’t contain the data key, it was classified as “unknown.”