New research from Nordpass has revealed the most common passwords used by Australians, with ‘banned’ topping the list.

Nordpass, in collaboration with independent researchers, evaluated a 4.3 terabyte database of publicly available sources, including those on the dark web.

The data revealed that ‘banned’ was the most common password in Australia, while ‘123456’ was the world’s most common and Australia’s second most common password.

Other commonly used passwords included admin, 1234, password, qwert123 and Password1.

Top 20 passwords in Australia:

1. banned
2. 123456
3. admin
4. password
5. 1234
6. qwerty123
7. 12qwasZX
8. 12345
9. 12345678
10. qwerty
11. Qwerty123
12. 123456789
13. Starwars29
14. welcome11
15. ********
16. Deadman01
17. Password1
18. 111111
19. Password
20. abc123

The study found that people use the weakest passwords for their streaming accounts, while they use the strongest for their financial and banking accounts.

Internet users continued to adopt simple dictionary words for their passwords, and also use passwords associated with online games, movies or fiction like Star Wars and Super Mario.

A huge amount of information can be stolen through a malware attack. Photo: Getty

Malicious actors can crack 70 per cent of the passwords in the global list in less than a second.

NordPass’s experts have some tips for ensuring your information is protected online.

Protecting your password

Tomas Smalakys, chief technology officer at NordPass, said malware attacks can breach cybersecurity even if strong passwords are used.

“The scariest part is that victims might not even realise that their computer is infected,” he said.

“Bad actors tend to hide malware in well-crafted phishing emails, imitating a legitimate organisation, such as your bank or your company.”

Malware attacks can steal information saved in browsers, including passwords and other credentials, website cookies and auto-fill data.

123456 was the global top password for four of the past five years, and Smalakys suggested it was a clear sign that changing authentication is essential.

He said technology like passkeys is a way to eliminate lousy passwords and make systems more secure.

“As with every innovation, passwordless authentication will not be adopted overnight,” he said.

“Being amongst the first password managers to offer this technology, we can see that users are more and more curious to test it out, however, there’s still a lot of work to be done and password security still remains a matter of today.”

Ways to strengthen security include:

• Creating longer and complex passwords, using both lowercase and uppercase letters, numbers and symbols.
• Avoid storing your secrets on your browser by adopting a password manager.
• Start using passkeys.
• Stay vigilant against malware and phishing emails.