Why You Shouldn’t Use Keyboard Patterns or Sequential Numbers
Passwords like 123456, qwerty123, or straight keyboard lines are some of the first guesses attackers try. This article explains why these patterns are so weak and what to use instead.
What Do We Mean by Keyboard Patterns?
Keyboard patterns are passwords created by dragging your fingers across nearby keys: for example qwerty, asdfgh, or diagonal moves like 1qaz2wsx. The same is true for simple sequences such as 123456 or abcdef.
These may feel random to humans, but they are extremely predictable to attackers. They show up in massive leaked password lists, which are then reused in dictionary attacks and credential-stuffing campaigns.
Why These Patterns Are So Easy to Guess
Attack tools don’t try “every possible key” at random. They start with the most common passwords seen in the wild: password, qwerty, 123456, and so on. Short sequences and keyboard runs have very low password entropy, which means far fewer guesses are needed to crack them.
Even when people add a symbol — like Qwerty123! — the structure is still easy to model. Our article
Top Password Mistakes & How to Fix Them covers this in more detail.
Examples of Weak Keyboard-Based Passwords
Some examples that attackers love:
- qwerty, qwerty123, qazwsx
- asdfgh, zxcvbn
- 123456, 111111, 123123
- Phone-number-like or date-only passwords
Even if you mix these with a symbol at the end, they remain trivial compared to a random password or a strong passphrase.
What to Use Instead
The simplest fix is to stop hand-crafting passwords and let a generator like StrongPass create them for you. A random 16–24 character password has far more entropy than any neat pattern you can type quickly. See our step-by-step guide: How to Create a Truly Strong Password.
For passwords you must remember (like your master password), use long, unrelated words as explained in Create Memorable Passphrases Without Weakening Security.
Protecting Your High-Risk Accounts
High-risk accounts — such as banking, email, and admin panels — should never rely on keyboard patterns or simple sequences. Follow the recommendations in Best Password Settings for High-Risk Accounts and always enable multi-factor authentication wherever possible.