Welcome!Log into your account
Did you find this article helpful? Check your passwords now at Have I Been Pwned, and consider switching to a password manager today. Your future self will thank you.
Every day, millions of users unknowingly type their real usernames and passwords into websites that look identical to Google, Facebook, Microsoft, or their bank – but are actually clever forgeries. These are the primary weapon of modern cybercriminals. password de fakings top
| Rank | Password | Time to Crack | |------|----------|----------------| | 1 | 123456 | < 1 second | | 2 | password | < 1 second | | 3 | 123456789 | < 1 second | | 4 | 12345 | < 1 second | | 5 | 12345678 | < 1 second | | 6 | qwerty | < 1 second | | 7 | password1 | < 1 second | | 8 | 1234567 | < 1 second | | 9 | 123123 | < 1 second | | 10 | 111111 | < 1 second | Did you find this article helpful
According to annual reports from SplashData, NordPass, and the UK's National Cyber Security Centre (NCSC), the (which are also the most stolen via phishing) are: Every day, millions of users unknowingly type their
Why are these the "top" for faking attacks? Because if an attacker creates a fake Microsoft login page and sends it to 10,000 people, at least 5-10% will use one of these passwords. Even worse, users who use weak passwords tend to reuse them everywhere – email, banking, social media.
| Legitimate Sign | Fake Sign | |----------------|------------| | Domain exactly matches company (e.g., accounts.google.com ) | Domain is similar but wrong ( google-accounts-security.com ) | | Green padlock with valid EV certificate | Padlock exists but domain is misspelled | | No password field on unexpected pages | Password prompt appears randomly | | Browser remembers your password | Browser never saved password here | | 2FA page appears after password | Password is taken immediately without 2FA | Never click a link in an email or SMS to log into a sensitive account. Instead, type the official URL yourself or use a saved bookmark.