Data breaches are at an all-time high. According to the Identity Theft Resource Center’s (ITRC) 2021 Annual Data Breach Report, there were 1,862 data breaches in 2021  a 68% increase over breaches in 2020. And, new year-over-year results indicate a fast start to data breaches in 2022, as more than 90% of data breaches are cyberattack-related. 


When data breaches happen, emails and passwords associated with online accounts are also commonly leaked, leaving consumers at risk of phishing scams or identity theft.  According to Lookout, on average, 80% of consumers have had their email leaked on the dark web.


Here is the company’s list of the top 20 passwords found on the dark web, due to data breaches: 

  1. 123456
  2. 123456789
  3. qwerty
  4. password
  5. 12345
  6. 12345678
  7. 111111
  8. 1234567
  9. 123123
  10. qwerty123
  11. 1q2w3e
  12. 1234567890
  14. 0
  15. Abc123
  16. 654321
  17. 123321
  18. Qwertyuiop
  19. Iloveyou
  20. 666666


Do you spot your password on this list? The National Institute of Standards and Technology (NIST) has developed specific guidelines for strong passwords. According to NIST guidance, you should consider using the longest password or passphrase permissible (8–64 characters). Try different variations of a passphrase and avoid common phrases, famous quotations, and song lyrics.

For more information on passwords, multi-factor authentication, and related password topics, visit