The UK’s Most Common Passwords Revealed: Are You Still Using One?
In a digital landscape where data breaches are increasingly common, it seems many people still haven’t learned the importance of a secure password. A recent study by cybersecurity firm NordPass reveals that a staggering number of people in the UK continue to rely on weak and hackable passwords, putting their personal information at risk.
The Most Popular Passwords – And Why They’re So Dangerous
According to the study, over half of the most common passwords in the UK are simple, easily guessed combinations of numbers and letters like ‘qwerty’ and ‘123456.’ Topping the list is the perennial ‘password,’ despite being widely recognized as one of the worst choices for security. Rounding out the top three are ‘qwerty123’ and ‘qwerty1’ — variations that do little to improve security.
Surprisingly, football fandom also influences password choices, with ‘liverpool,’ ‘arsenal,’ and ‘chelsea’ making the top 20. While these choices show a sense of identity and allegiance, they are also some of the easiest for hackers to crack.
This reliance on predictable patterns has alarming implications. NordPass warns that 78% of the world’s most common passwords can be broken in under a second, giving cybercriminals instant access to valuable personal information.
The Consequences of Password Predictability
Using a database of over 2.5 terabytes of leaked credentials from the internet and dark web, NordPass researchers analyzed and ranked the 200 most common passwords. The results are unsettling. More than 21,000 UK accounts were found to use ‘password’ as their login, with thousands more opting for equally weak variations like ‘password1’ and ‘123456789.’ For some, using a longer string of numbers may seem like a safer choice, but even ‘123456789’ ranks as the fourth most common and can be cracked almost instantly.
The study also highlighted the prevalence of personal names as passwords. ‘Charlie’ ranks 14th on the list, while ‘charlie1’ appears at number 20, used by thousands of accounts. These names may feel more secure to users, but they are just as vulnerable as basic number combinations.
Work Accounts Are No Safer
The NordPass findings also reveal a concerning trend among work accounts, where the most popular passwords remain weak and predictable. Globally, ‘123456,’ ‘123456789,’ and ‘12345678’ are the top three passwords used for work accounts. In the UK, commonly used corporate passwords include ‘welcome’ and ‘letmein,’ both of which rank high among passwords that hackers can easily break.
Why Weak Passwords Are a Cybersecurity Crisis
Reusing passwords across multiple accounts only exacerbates the problem, warns Karolis Arbačiauskas, head of business products at NordPass. ‘Password reuse is widespread because it’s convenient,’ he explains, ‘but convenience does not outweigh the risk. When you use the same password for multiple accounts, you’re opening up a security loophole that hackers can exploit.’ For example, if one weak password is compromised, a hacker could potentially gain access to other accounts, including sensitive information like banking details and email accounts.
Tips for Creating Strong Passwords
Experts recommend several steps to help users bolster their password security:
- Create Strong Passwords or Passphrases: Passwords should be at least 20 characters long and include a mix of numbers, letters, and symbols to increase security.
- Avoid Reusing Passwords: Every account should have a unique password to prevent one compromised password from becoming a widespread issue.
- Switch to Passkeys: Passkeys, a form of digital credential, can replace traditional passwords and offer a higher level of security.
- Use a Password Manager: Password managers store all your passwords securely, making it easier to use unique passwords for each account without needing to remember them.
Arbačiauskas emphasizes the risks of reusing passwords, explaining, ‘If your credentials are breached or a hacker manages to guess one of your passwords, they could attempt to use that password for other accounts, potentially gaining access to your bank, emails, and even home network.’
In today’s digital age, protecting personal information online is paramount. By following best practices, individuals can safeguard their accounts and make it harder for cybercriminals to break through weak security barriers.