Sunday, December 22, 2024

Revealed: The most common passwords in the UK – so, are YOU still using one of these hackable phrases?

Must read

When it comes to choosing a secure password, it seems that many of simply never learn.

Shocking research conducted by NordPass has once again revealed that thousands of people in the UK are still using hackable phrases to secure their vital information.

More than half of the most common passwords are made up of the simplest combinations of numbers and letters like ‘qwerty’ or ‘123456’.

But it was ‘password’ which inevitably came out on top as the most common password in the UK – despite being the worst possible choice.

As people around the world apparently misunderstand experts’ calls for stronger passwords, ‘qwerty123’ has now become the UK’s second most popular choice.

This was joined in the top rankings by other, equally-weak variations such as ‘qwerty1’ in third place and ‘password1’ in seventh.

And, just like previous years, football fans have put their club allegiances ahead of cybersecurity with ‘liverpool’ and ‘arsenal’ both making the top 10.

Worryingly, this means that 78 per cent of the world’s most common passwords can be cracked by cybercriminals in less than a second.

Researchers have revealed the most common passwords being used in the UK and around the world. Shockingly, ‘password’ is still the UK’s most popular password – despite years of warnings from cybersecurity experts (file photo)

Using a 2.5 terabyte database of leaked passwords across the internet and darkweb, researchers have compiled the 200 most common passwords used this year.

The biggest risk is that by using common passwords, internet users make it trivial for hackers to break into personal accounts.

When users use common words or strings of letters and numbers, they rapidly reduce the time it takes to guess a password.

For example, researchers found 21,128 UK accounts using the password ‘password’ and 7,338 using ‘password1’.

Likewise, the researchers found that ‘qwerty123’, ‘qwerty1’ and ‘qwerty’ were all ranked within the top 10 most common passwords.

Strikingly, many users were also found to be using simple runs of numbers as their passwords.

Researchers found that ‘123456’ was the fourth most common password in the UK, being used by 17,415 accounts in the data set.

Likewise, perhaps believing that more numbers equated to more security, almost 8,000 accounts were found to be using ‘123456789’ – making it the seventh most popular password.

The biggest risk is that by using common passwords, internet users make it trivial for hackers to break into personal accounts (file photo)

The biggest risk is that by using common passwords, internet users make it trivial for hackers to break into personal accounts (file photo)

The most common passwords in the UK

  1. password
  2. qwerty123
  3. qwerty1
  4. 123456
  5. liverpool
  6. 123456789
  7. password1
  8. qwerty
  9. liverpool1
  10. arsenal
  11. 12345678
  12. chelsea
  13. Password
  14. charlie
  15. football
  16. abc123
  17. arsenal1
  18. rangers
  19. Password1
  20. charlie1

However, both these strings of numbers can be cracked in less than a second by a determined hacker.

The UK’s password woes aren’t just related to strings of nonsense numbers as experts warn that using complete words can be equally dangerous.

Football teams once again proved to be popular password choices with ‘liverpool’, ‘arsenal’, ‘chelsea’, and ‘rangers’ all appearing in the top 20.

Yet despite some people changing or adding letters, such as the 5,900 people who opted for ‘liverpool1’, most variations of club names can still be cracked in under a second.

The same is true for the thousands of Charlies who decided to use their own name as the basis for a password.

In the UK, ‘charlie’ was the 14th most popular password being used by 4,274 accounts while ‘charlie1’ was the 20th with 2,746 accounts.

While these choices might be convenient, cybersecurity experts say that using any factor related to your real life makes things much easier for criminals.

Karolis Arbačiauskas, head of business product at NordPass, says: ‘No matter if I wear a suit and tie at work or I’m scrolling through social media in my pyjamas, I am still the same person.

Liverpool fans (pictured) might be putting themselves at risk of being hacked when they put club allegiance ahead of cybersecurity. The researchers found that club names like 'liverpool', 'chelsea', and 'arsenal' were all in the top 20 most common passwords in the UK

Liverpool fans (pictured) might be putting themselves at risk of being hacked when they put club allegiance ahead of cybersecurity. The researchers found that club names like ‘liverpool’, ‘chelsea’, and ‘arsenal’ were all in the top 20 most common passwords in the UK 

‘This means that regardless of the setting I am in, my password choices are influenced by the same criteria — usually convenience, personal experiences, or cultural surroundings.’

However, NordPass’ research found that corporate accounts were no more secure in their password choices.

Worldwide, the top three most popular passwords for work accounts were ‘123456’, ‘123456789’, and ‘12345678’.

Shockingly, this data revealed that ‘123456’ was the password for a staggering 1,233,477 work accounts around the world.

Likewise, in the UK, NordPass found that many corporate accounts were still using default passwords.

The fifth most used work password in Britain was ‘welcome’ while ‘letmein’ came in at eleventh.

Additionally, when it comes to work accounts there was even more evidence of people lazily using their own names.

Out of the top 20 most common passwords, NordPass found ‘charlie’, ‘thomas’, ‘george’, and ‘jonathan’ all made the list.

Charlies, such as Charlie Sheen (pictured), seem to be especially fond of their own name as the researchers found that variations of 'charlie' were the 14th and 20th most common passwords in the UK

Charlies, such as Charlie Sheen (pictured), seem to be especially fond of their own name as the researchers found that variations of ‘charlie’ were the 14th and 20th most common passwords in the UK

How to keep your passwords safe

1. Create strong passwords or passphrases

  • Passwords should be at least 20 characters long and include special characters.

2. Never reuse passwords 

  • The rule of thumb is that each account should have a unique password.

3. Switch to passkeys wherever possible.

  • Passkeys are a super-secure digital credential which allows you to get rid of passwords altogether.

4. Set up a password manager

  • Password managers allow you to store all your passwords in one secure location.

Even if one account might not seem important, experts warn that the risks can become much more extreme if you reuse passwords anywhere else.

Mr Arbačiauskas says: ‘Password reuse is widespread, and the reason is simple — it’s just easier.

‘Nevertheless, cybersecurity hygiene requires using a different password for every account because the convenience of password reuse does not outweigh the risks it poses.’

The issue is that, by sharing passwords between accounts, even the strongest protections can become redundant if hackers can access just one point of weakness.

‘For example, if your credentials were breached or a hacker were to brute-force their way into one of your accounts by repeatedly trying different combinations until they gain access, they would most certainly try to use that password with the rest of your accounts,’ says Mr Arbačiauskas.

‘Your bank account, emails, and home network are all at the mercy of cybercriminals because you reuse the same password for everything.’

In addition to using different passwords for each account, Mr Arbačiauskas recommends you use passwords at least 20 characters long.

This is the gold standard for hack resistance and will mean criminals have a far harder time breaking into your account.

Mr Arbačiauskas says: ‘Even if you use different passwords, but they are all “password,” “123456,” “qwerty,” or similar kinds, your account is still an easy target for cybercriminals. ‘

In order to keep track of these longer passwords experts recommend setting up a secure password manager.

Preferably, you should choose a password manager which requires two-factor authentication for the highest levels of security. 

In this way, you only need to remember one very strong password in order to have secure access to all your different accounts.

The 25 most common passwords worldwide 

The world’s most common passwords in 2024 
Rank   Password Time to crack  Number of users 
1   123456 3,813,089 
  123456789  1,625,125 
  12345678  884,740 
  password  692,151 
  qwerty123  642,638 
  qwerty1  583,638 
  111111  459,738 
  12345  395,573 
  secret  363,491 
10    123123  351,576 
11   1234567890  324,349 
12    12345678910  324,349 
13    1234567  307,719 
14    000000  259,048 
15    qwerty  244,879 
16    abc123  217,230 
17    password1  211,932 
18    iloveyou  197,880 
19    11111111  195,237 
20    dragon  144,678 
21    monkey  139,158 
22    121212123  119,004 
23    123321  106,267 
24    qwertyuiop  101,048 
25    00000000  99,292 

Latest article