Kiwis still using unsecure, easy to guess passwords according to new research

A hand with a piece of paper with the word 'password' written on it.
Government cybersecurity agency CERT NZ has easy to follow advice to create good passwords. Photo credit: Getty Images

Despite repeated warnings over using easy to guess passwords, many New Zealanders are still opting to do so, according to new research.

Each year NordPass creates a list of the 200 most common passwords based on its research. 

The list is compiled in partnership with independent researchers who specialise in researching cybersecurity incidents and involves evaluating a 4TB database of passwords.

Like the rest of the world, the most common password in Aotearoa is '123456' with the research finding it used nearly 200,000 times here.

In terms of being cracked by someone looking to access an account illegally, it would take less than a second to do so, according to NordPass.

The rest of the top 10 list in New Zealand is similar to the global list, with a couple of exceptions.

The fourth-placed 'iloveyou' shows Kiwis may be a little more willing to share their feelings than some, as that only ranks in 22nd place globally.

Meanwhile 'princess' rounds out the top 10 here despite ranking in 61st place around the world.

New Zealand's top 15 worst passwords of 2021, according to NordPass:

  1. 123456
  2. 123456789
  3. 12345
  4. iloveyou
  5. password
  6. qwerty
  7. 12345678
  8. 1234567890
  9. abc123
  10. princess
  11. 1234567
  12. password1
  13. qwertyuiop
  14. lovely
  15. asdfghjkl

The biggest difference in passwords between genders in New Zealand was the word 'chocolate', which was the fourth most popular for women despite only being 25th most popular overall and only 161st most popular worldwide.

Other password lowlights include 'f**kyou' in 42nd place, 'holden' in 75th and 'onedirection' in 129th.

The Government's cybersecurity agency CERT NZ provides advice on passwords in order to stay safe online, including not using the same password multiple times.

"The problem with this is that if an attacker gets access to one of your account passwords, it often gives them access to many of your other accounts as well," it says.

It also suggests using a password manager which stores and manages passwords and means only needing to remember a single passphrase rather than multiple passwords.

CERT NZ's overall advice for passwords:

  • Use a different password for every online account you have
  • Make your password long and strong
  • Don't use personal information to create your passwords
  • Keep them safe.