When it comes to choosing a secure password, it seems that many of simply never learn.
Shocking research conducted by NordPass has once again revealed that thousands of people in the UK are still using hackable phrases to secure their vital information.
More than half of the most common passwords are made up of the simplest combinations of numbers and letters like ‘qwerty’ or ‘123456’.
But it was ‘password’ which inevitably came out on top as the most common password in the UK – despite being the worst possible choice.
As people around the world apparently misunderstand experts’ calls for stronger passwords, ‘qwerty123’ has now become the UK’s second most popular choice.
This was joined in the top rankings by other, equally-weak variations such as ‘qwerty1’ in third place and ‘password1’ in seventh.
And, just like previous years, football fans have put their club allegiances ahead of cybersecurity with ‘liverpool’ and ‘arsenal’ both making the top 10.
Worryingly, this means that 78 per cent of the world’s most common passwords can be cracked by cybercriminals in less than a second.
Researchers have revealed the most common passwords being used in the UK and around the world. Shockingly, ‘password’ is still the UK’s most popular password – despite years of warnings from cybersecurity experts (file photo)
Using a 2.5 terabyte database of leaked passwords across the internet and darkweb, researchers have compiled the 200 most common passwords used this year.
The biggest risk is that by using common passwords, internet users make it trivial for hackers to break into personal accounts.
When users use common words or strings of letters and numbers, they rapidly reduce the time it takes to guess a password.
For example, researchers found 21,128 UK accounts using the password ‘password’ and 7,338 using ‘password1’.
Likewise, the researchers found that ‘qwerty123’, ‘qwerty1’ and ‘qwerty’ were all ranked within the top 10 most common passwords.
Strikingly, many users were also found to be using simple runs of numbers as their passwords.
Researchers found that ‘123456’ was the fourth most common password in the UK, being used by 17,415 accounts in the data set.
Likewise, perhaps believing that more numbers equated to more security, almost 8,000 accounts were found to be using ‘123456789’ – making it the seventh most popular password.
The biggest risk is that by using common passwords, internet users make it trivial for hackers to break into personal accounts (file photo)
However, both these strings of numbers can be cracked in less than a second by a determined hacker.
The UK’s password woes aren’t just related to strings of nonsense numbers as experts warn that using complete words can be equally dangerous.
Football teams once again proved to be popular password choices with ‘liverpool’, ‘arsenal’, ‘chelsea’, and ‘rangers’ all appearing in the top 20.
Yet despite some people changing or adding letters, such as the 5,900 people who opted for ‘liverpool1’, most variations of club names can still be cracked in under a second.
The same is true for the thousands of Charlies who decided to use their own name as the basis for a password.
In the UK, ‘charlie’ was the 14th most popular password being used by 4,274 accounts while ‘charlie1’ was the 20th with 2,746 accounts.
While these choices might be convenient, cybersecurity experts say that using any factor related to your real life makes things much easier for criminals.
Karolis Arbačiauskas, head of business product at NordPass, says: ‘No matter if I wear a suit and tie at work or I’m scrolling through social media in my pyjamas, I am still the same person.
Liverpool fans (pictured) might be putting themselves at risk of being hacked when they put club allegiance ahead of cybersecurity. The researchers found that club names like ‘liverpool’, ‘chelsea’, and ‘arsenal’ were all in the top 20 most common passwords in the UK
‘This means that regardless of the setting I am in, my password choices are influenced by the same criteria — usually convenience, personal experiences, or cultural surroundings.’
However, NordPass’ research found that corporate accounts were no more secure in their password choices.
Worldwide, the top three most popular passwords for work accounts were ‘123456’, ‘123456789’, and ‘12345678’.
Shockingly, this data revealed that ‘123456’ was the password for a staggering 1,233,477 work accounts around the world.
Likewise, in the UK, NordPass found that many corporate accounts were still using default passwords.
The fifth most used work password in Britain was ‘welcome’ while ‘letmein’ came in at eleventh.
Additionally, when it comes to work accounts there was even more evidence of people lazily using their own names.
Out of the top 20 most common passwords, NordPass found ‘charlie’, ‘thomas’, ‘george’, and ‘jonathan’ all made the list.
Charlies, such as Charlie Sheen (pictured), seem to be especially fond of their own name as the researchers found that variations of ‘charlie’ were the 14th and 20th most common passwords in the UK
Even if one account might not seem important, experts warn that the risks can become much more extreme if you reuse passwords anywhere else.
Mr Arbačiauskas says: ‘Password reuse is widespread, and the reason is simple — it’s just easier.
‘Nevertheless, cybersecurity hygiene requires using a different password for every account because the convenience of password reuse does not outweigh the risks it poses.’
The issue is that, by sharing passwords between accounts, even the strongest protections can become redundant if hackers can access just one point of weakness.
‘For example, if your credentials were breached or a hacker were to brute-force their way into one of your accounts by repeatedly trying different combinations until they gain access, they would most certainly try to use that password with the rest of your accounts,’ says Mr Arbačiauskas.
‘Your bank account, emails, and home network are all at the mercy of cybercriminals because you reuse the same password for everything.’
In addition to using different passwords for each account, Mr Arbačiauskas recommends you use passwords at least 20 characters long.
This is the gold standard for hack resistance and will mean criminals have a far harder time breaking into your account.
Mr Arbačiauskas says: ‘Even if you use different passwords, but they are all “password,” “123456,” “qwerty,” or similar kinds, your account is still an easy target for cybercriminals. ‘
In order to keep track of these longer passwords experts recommend setting up a secure password manager.
Preferably, you should choose a password manager which requires two-factor authentication for the highest levels of security.
In this way, you only need to remember one very strong password in order to have secure access to all your different accounts.