Let's be honest: you will probably find it difficult to memorize all the passwords for your online accounts.

Fortunately, there are now secured password safes.

To do this, you also have to remember a password and usually set up two-factor authentication via SMS code, Face ID or confirmation email, but you should be able to do that.

Many people are still very comfortable when it comes to assigning their passwords - and thereby risk the security of their data.

A current ranking of the NordPass password management tool now shows for the first time which - quite unimaginative and above all easy to guess - 200 passwords were set by German Internet users in the past year.

But before you find out which passwords made the list, we want to know from you:

Despite all the warnings: sequences of numbers and names dominate the password ranking


If you are now wondering why a password manager tool that is supposed to keep your passwords secret from others can compile a ranking of the most used passwords in Germany, we have the solution here: The list was compiled together with a third-party provider, which has evaluated a database with passwords that have already been leaked. So the ranking is not one hundred percent representative, but it still gives a good impression of how negligently some people surf the Internet.

If you take a closer look at the list, it is hardly surprising that these access codes have been hacked.

In particular, German users were particularly fond of using combinations of numbers that are easy to guess, such as the top three passwords “123456”, “12345678” and “123456789”.

Simple word-number sequences such as “hello123” or the particularly creative “password” were also common.

Often names are also used: the most used and cracked in the ranking was "daniel".

Lower case, of course.

Source: Unsplash.com/Brooke Cagle

Here you can see the top ten most used and hacked passwords in Germany:

  • 123456

  • 123456789

  • 12345678

  • password

  • 1234567

  • 123123

  • 1234567890

  • 111111

  • abc123

  • 00000

  • With the exception of the more than obvious English-language “password” and the particularly spectacular letter-digit sequence “abc123”, only consecutive or repetitive numerical codes are among the first ten places.

    These are particularly easy to crack for professional hackers.

    Even if you can hardly believe that someone is using "123456" as a secret solution.


    Only in eleventh place does a word appear with “dragon” - these users are either fans of the HBO series Game of Thrones or dragon lovers.

    On the other hand, it seems almost ironic if you use "fuckyou" (30th place) to secure your accounts.

    What is the hacker thinking?

    Football fans from Gelsenkirchen shouldn't use “schalke” as a password either.

    That landed at number 95.

    Hackers take advantage of the data behind the passwords

    Source: Unsplash.com/Florian Olivo

    If you can find your password in the top 200, you should act right away.

    This is also the advice of cybersecurity expert Chad Hammond, who works for NordPass:

    Most of these passwords can be hacked in less than a second.

    In addition, they have already been leaked.

    The most frequently used password “123456”, for example, was leaked 23,597,311 times.

    Chad Hammond, NordPass cybersecurity expert 

    With the help of a common and easy-to-crack password, hackers can easily access an account without authorization.

    He could then, for example, delete or change your Facebook password and all associated e-mail addresses, telephone numbers and the like.

    In addition, e-mail addresses can be used for phishing attacks or for fraud, warns Hammond.

    You can use a few simple tricks to make your password more secure

    Source: Unsplash.com/Andrew Neel


    The Federal Office for Security and Information Technology (BSI) advises first and foremost not to use just one password for all access - not even if it corresponds to all recommendations for a secure password.

    In addition, if it is offered, one should always rely on the reliable two-factor identification.

    In addition, passwords should not be sent or saved unencrypted.

    As a basic rule, you can remember: the longer a password is, the better.

    It should be at least eight characters long, use upper and lower case letters, contain special characters such as?, #,% Or _ and ideally several digits.

    It is not advisable to use consecutive numbers, dates of birth and names as well as consecutive combinations on the keyboard such as "qwertz".

    It is equally unwise to only use a special character at the beginning or end of your password.

    Instructions for creating a secure password can be found in this brief guide from the BSI.

    Cybersecurity expert Hammond also advises deleting accounts that are no longer in use.

    You should also regularly check all of your accounts for suspicious activity.

    If you follow these rules, your data should be safe from cyberattacks.