Spring cleaning means more than just dusting off your curtains or decluttering your desk. It’s also the perfect time to tidy up your digital life, starting with your passwords.
World Password Day is observed on the first Thursday in May, a day that’s been encouraging people to review their passwords and security settings since Intel created the event in 2013.
Read more: Best Password Manager in 2025
Nearly every year, a list of the worst passwords makes the rounds online, and the same weak choices continue to dominate. According to password management company Nordpass, which analyzed six years of data, these poor passwords have barely changed, giving hackers easy access to user accounts year after year.
123456 isn’t the best password choice
Nordpass said it takes hackers less than a second to crack many of the top 20 most common passwords — including «password,» «qwerty123 » and «iloveyou.» The No. 1 offender? «123456.» (Seriously — haven’t we learned anything in the last decade?)
These weak passwords don’t just make users vulnerable to hackers, they’re also often reused across multiple platforms, from banking apps to email to social media.
The strongest passwords are typically long and complex. Nordpass recommends creating one that’s at least 20 characters, using a mix of upper- and lowercase letters, numbers and special symbols. «Steer clear of easily guessable information like birthdays, names, or common words,» the company warns on its website.
Passwords should be routinely checked, updated and never reused across different accounts.
Meanwhile, password managers like Nordpass, 1Password and Bitwarden can generate strong, unique passwords and store them securely, requiring you to remember only one master password to access the platform. For stronger protection, enable multifactor authentication for an added layer of security when accessing these tools.
The need to get a better grasp on password protection comes at a time when some people are pushing to eliminate passwords altogether. Apple rolled out passkeys as part of iOS 16 in 2022, followed by Google, which allows people to sign in to Google and other popular accounts such as Amazon, WhatsApp and PayPal via fingerprint, face scan, PIN or pattern using a device’s lock screen. The feature uses cryptography to better protect data from hackers and phishing scams.
Until we reach a truly passwordless future, do yourself a favor and make a password security checkup part of your to-do list today.