Passwords shield our personal information from prying eyes. From bank accounts to inboxes, social media to photo libraries, there’s a lot of private data that could be accessed if someone gets their hands on your password. But despite this critical role, millions of Britons still rely on lacklustre passwords to keep their accounts safe.
The most popular passwords in Britain can all be cracked by hackers in under 10 seconds, according to new research. But many of the most simplistic passwords can be guessed in under a second. Topping the list, the word “password” is the most popular choice for Britons in 2024, researchers have revealed.
According to the sixth annual report from NordPass, “123456” has fallen out of favour with Britons. In its place, “password” tops the list, with the same word with its first letter capitalised coming in a close second.
Elsewhere, Britons used more dictionary words in their passwords this year compared with the data from 2023. While they are known to be extremely vulnerable to cyberattacks — hackers can brute-force their way into accounts by running applications that try every word in the dictionary in quick succession — UK users once again turned to football references to secure their accounts, with “Arsenal,” “Chelsea,” and “Liverpool” ranking in the top 20.
Simple combinations of letters and numbers, like “abc123”, and names of children, partners, and pets, like “charlie”, continue to rank highly in the most commonly used passwords in the UK.
Despite missing out on gold medal position in the UK, “123456” remains the most common password worldwide.
In total, the study found almost half of the world’s most common passwords consist of simple keyboard combinations, like “qwerty” and “qwerty123”. The latter has gained significant popularity this year, reaching fourth position in the UK, while also topping lists in Canada, Lithuania, the Netherlands, Finland, and Norway.
For the first time, the NordPass study looked at both personal and corporate password habits, with 78% of common passwords now crackable in under a second. This marks a significant decline in password strength from last year, when 70% of passwords could be breached in the same timeframe.
Passwords for work accounts show distinct patterns, with default passwords like “newmember,” “admin,” and “welcome” appearing frequently in business settings. “Welcome,” which ranks as the sixth most common corporate password in the UK, often remains unchanged despite being intended as temporary.
With the average internet user now required to juggle 168 personal passwords and 87 work-related ones, it’s understandable that people rely on the same very simple passwords time and time again.
The overlap between personal and work passwords presents a significant security concern, with research showing 40% of the most common passwords are identical across both domains.
Karolis Arbaciauskas, Head of Business Product at NordPass, explains this behaviour: “No matter if I wear a suit and tie at work or I’m scrolling through social media in my pajamas, I am still the same person. This means that regardless of the setting I am in, my password choices are influenced by the same criteria — usually convenience, personal experiences, or cultural surroundings. Businesses ignoring these considerations and leaving password management in their employees’ hands risk both their company’s and clients’ security online.”
Experts at NordPass have issued several recommended security practices for better password strength.
First up, never reuse a password across accounts: if even one of these username-password combinations is leaked or compromised, it could lead to multiple security breaches.
NordPass recommends creating a strong password with at least 20 characters and a mixture of upper- and lower-case characters, numbers, and special characters. Personal information that could be easily guessed by those who know you – like birthdays, pet names, and hometowns – should be avoided. Always create a unique password for every online account, NordPass says.
If you’re struggling to think of something, using the first letter from each word in a line of poetry, a saying, or a song lyric that you’re unlikely to forget can be a great way to quickly generate what appears to be a completely random jumble of characters.
Alternatively, a password manager is a brilliant way to generate secure passwords for every account, with these stored in an encrypted safe that can be accessed from any of your devices. To log in, most of these applications only require a quick biometric check – facial recognition on the iPhone or a fingerprint scan on Windows PCs and Android.
Passwords will be autofilled into the login screen, so there’s no need to remember the unguessable combination of symbols, lowercase and capital letters, and numbers for your account.
NordPass is one option available alongside the likes of LastPass and 1Password.
Google and Apple both offer built-in password managers with their most popular products, dubbed Google Password Manager and Passwords respectively, that generate and store passwords. The latter was rebooted as a standalone application as part of the free upgrade to iOS 18 released in September for iPhone owners worldwide.
Lastly, NordPass suggests switching to passkeys where possible, noting that major providers like Google, Microsoft, and Apple now support this more secure alternative. These allow you to sign in to apps, websites, and other online accounts in the same manner that you unlock your device – using a fingerprint, a face, or an on-screen PIN.
Unlike passwords, passkeys are resistant to online attacks like phishing, making them more secure than one-time codes sent via SMS. Microsoft, Google, Apple and the FIDO Alliance are working together to bring passkeys to the web as an industry standard.
Although there are high hopes for passkeys, with Google even calling its rollout “the beginning of the end of the password”, they’re unlikely to eliminate old-fashioned passwords for some time. For the time being, we’re still stuck with passwords for a huge number of our online accounts… as such, it’s time to ditch “password” and think of something a little stronger.
For organisations, implementing a comprehensive password policy is crucial, including the use of password managers and multi-factor authentication requirements. Enterprise security advice has changed dramatically over the year, with experts now warning against forcing employees to change their password multiple times per year.
Cybersecurity researchers worked with the team at NordPass to put together the definitive list of the most common passwords of the year — the sixth annual report of its kind to improve password habits in the UK and globally. To find the most common passwords, the security researchers scoured a database of 4.3TB (that’s a whopping 4,300,000MB) extracted from a number of high-profile password leaks on the Dark Web to find the passwords that people relied on more than any others. NordPass only received statistical information from the researchers; there was no personal data included in the findings sent to the password management team.
Top 20 Most Common Passwords In The UK
- password
- qwerty123
- qwerty1
- 123456
- liverpool
- 123456789
- password1
- qwerty
- liverpool1
- arsenal
- 12345678
- chelsea
- Password
- charlie
- football
- abc123
- arsenal1
- rangers
- Password1
- charlie1
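
For organisations writing the password policy mentioned above, the list can be turned into a sign-up check. The sketch below is an added example, not code from NordPass or the report: `base_form` and `check_password` are hypothetical names, and the normalisation rule (ignore case, strip trailing digits and symbols) is an assumption chosen to catch variants such as “liverpool1” and “Password1” that appear in the list.

```python
import re

# Top 20 UK passwords exactly as listed in the article above.
COMMON_UK = [
    "password", "qwerty123", "qwerty1", "123456", "liverpool", "123456789",
    "password1", "qwerty", "liverpool1", "arsenal", "12345678", "chelsea",
    "Password", "charlie", "football", "abc123", "arsenal1", "rangers",
    "Password1", "charlie1",
]
MIN_LENGTH = 20  # minimum length NordPass recommends in the article


def base_form(password: str) -> str:
    """Lower-case and strip trailing digits/symbols: 'Liverpool1!' -> 'liverpool'."""
    lowered = password.casefold()
    stripped = re.sub(r"[\d\W_]+$", "", lowered)
    return stripped or lowered  # all-digit passwords such as '123456' stay as-is


BLOCKED_EXACT = {p.casefold() for p in COMMON_UK}
BLOCKED_BASES = {base_form(p) for p in COMMON_UK}
CHAR_CLASSES = [r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"]


def check_password(candidate: str) -> list[str]:
    """Return the reasons to reject a candidate; an empty list means accepted."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("too short")
    if candidate.casefold() in BLOCKED_EXACT:
        problems.append("on common-password list")
    elif base_form(candidate) in BLOCKED_BASES:
        # Padding a listed word with digits or symbols does not make it safe.
        problems.append("variant of a common password")
    if not all(re.search(cls, candidate) for cls in CHAR_CLASSES):
        problems.append("missing character class")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any leak.
    for pw in ["password", "Chelsea2024!", "Liverpool1!!!!!!!!!!!!!!",
               "Tr4ctor-Violin-Maple-Canoe!"]:
        print(f"{pw!r}: {check_password(pw) or 'accepted'}")
```

The third sample passes the length and character-class rules yet is still rejected, which is why a blocklist check belongs alongside composition rules rather than being replaced by them.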