Revealed: Britain’s most common passwords. Are you still using any of these hackable phrases?

When it comes to choosing a secure password, it seems that many simply never learn.

Shocking research conducted by NordPass has once again revealed that thousands of people in Britain are still using hackable phrases to secure their vital information.

More than half of the most common passwords consist of the simplest combinations of numbers and letters, such as ‘qwerty’ or ‘123456’.

But it was ‘password’ that inevitably came top as the most common password in Britain – despite being the worst possible choice.

As people around the world apparently misunderstand experts’ calls for stronger passwords, ‘qwerty123’ has now become the second most popular choice in Britain.

This was joined in the top rankings by other equally weak variants such as ‘qwerty1’ in third place and ‘password1’ in seventh place.

And as in previous years, football fans have put their loyalty to the club over cyber security, with ‘liverpool’ and ‘arsenal’ both in the top 10.

Worryingly, this means that 78 percent of the world’s most common passwords can be cracked by cybercriminals in less than a second.

Researchers have revealed the most common passwords used in Britain and around the world. Shockingly, 'password' is still the most popular password in Britain - despite years of warnings from cybersecurity experts (file photo)

Researchers have revealed the most common passwords used in Britain and around the world. Shockingly, ‘password’ is still the most popular password in Britain – despite years of warnings from cybersecurity experts (file photo)

Using a 2.5 terabyte database of leaked passwords on the Internet and the dark web, researchers have compiled the 200 most common passwords used this year.

The biggest risk is that by using regular passwords, Internet users make it trivial for hackers to break into personal accounts.

When users use common words or sequences of letters and numbers, they quickly reduce the time it takes to guess a password.

For example, researchers found 21,128 UK accounts using the password ‘password’ and 7,338 using ‘password1’.

Similarly, the researchers found that ‘qwerty123’, ‘qwerty1’ and ‘qwerty’ were all in the top 10 most common passwords.

Surprisingly, many users also appeared to use simple strings of numbers as passwords.

Researchers found that ‘123456’ was the fourth most common password in Britain, used by 17,415 accounts in the dataset.

Similarly, almost 8,000 accounts were found to be using ‘123456789’, perhaps in the belief that more numbers equaled more security, making it the seventh most popular password.

The biggest risk is that by using regular passwords, Internet users make it trivial for hackers to break into personal accounts (file photo)

The biggest risk is that by using regular passwords, Internet users make it trivial for hackers to break into personal accounts (file photo)

The most common passwords in Britain

  1. password
  2. qwerty123
  3. qwerty1
  4. 123456
  5. Liverpool
  6. 123456789
  7. password1
  8. qwerty
  9. Liverpool1
  10. arsenal
  11. 12345678
  12. Chelsea
  13. Password
  14. Charlie
  15. football
  16. abc123
  17. arsenal1
  18. park rangers
  19. Password1
  20. Charlie1

However, both sets of numbers can be cracked in less than a second by a determined hacker.

Britain’s password problems aren’t just about a series of bogus numbers, as experts warn using full words could be just as dangerous.

Football teams once again proved to be popular password choices, with ‘liverpool’, ‘arsenal’, ‘chelsea’ and ‘rangers’ all featuring in the top 20.

But even though some people have changed or added letters, like the 5,900 people who chose ‘liverpool1’, most club name variations can still be cracked in under a second.

The same goes for the thousands of Charlies who decided to use their own names as the basis for a password.

In Britain, ‘charlie’ was the 14th most popular password used by 4,274 accounts, while ‘charlie1’ was the 20th with 2,746 accounts.

While these choices may be convenient, cybersecurity experts say using factors related to your real life makes things much easier for criminals.

Karolis Arbačiauskas, Head of Business Product at NordPass, says: “It doesn’t matter whether I’m wearing a suit and tie at work or scrolling through social media in my pajamas, I’m still the same person.

Liverpool fans (pictured) could be at risk of being hacked if they put club loyalty above cyber security. The researchers found that club names such as 'liverpool', 'chelsea' and 'arsenal' were all in the top 20 most common passwords in Britain

Liverpool fans (pictured) could be at risk of being hacked if they put club loyalty above cyber security. The researchers found that club names such as ‘liverpool’, ‘chelsea’ and ‘arsenal’ were all in the top 20 most common passwords in Britain

“This means that no matter what setting I’m in, my password choices are influenced by the same criteria: usually convenience, personal experiences, or cultural environment.”

However, NordPass’ research found that corporate accounts were not more secure in terms of their password choices.

Globally, the three most popular passwords for work accounts were ‘123456’, ‘123456789’ and ‘12345678’.

Shockingly, this data revealed that ‘123456’ was the password for a whopping 1,233,477 work accounts around the world.

Similarly, NordPass in Britain found that many corporate accounts were still using default passwords.

The fifth most used work password in Britain was ‘welcome’, while ‘letmein’ came in eleventh.

Plus, when it came to work accounts, there was even more evidence of people lazily using their own names.

Of the top 20 most common passwords, NordPass found that ‘charlie’, ‘thomas’, ‘george’ and ‘jonathan’ all made the list.

Charlies, like Charlie Sheen (pictured), seem to be especially fond of their own names, as researchers found that variants of 'charlie' were the 14th and 20th most common passwords in Britain

Charlies, like Charlie Sheen (pictured), seem to be especially fond of their own names, as researchers found that variants of ‘charlie’ were the 14th and 20th most common passwords in Britain

How to keep your passwords safe

1. Create strong passwords or passphrases

  • Passwords must be at least 20 characters long and contain special characters.

2. Never reuse passwords

  • The rule of thumb is that each account should have a unique password.

3. Switch to passkeys whenever possible.

  • Passwords are a super-secure digital identifier that allows you to get rid of passwords altogether.

4. Set up a password manager

  • Password managers allow you to store all your passwords in one secure location.

Even though one account may not seem important, experts warn that the risks can become much more extreme if you reuse passwords elsewhere.

Mr Arbačiauskas says: ‘Password reuse is widespread, and the reason is simple: it’s just easier.

“Yet, cybersecurity hygiene requires the use of a different password for each account because the convenience of password reuse does not outweigh the risks it poses.”

The problem is that sharing passwords between accounts can make even the strongest protections redundant if hackers can gain access to just one weak point.

“For example, if your credentials were compromised or if a hacker were to brutally gain access to one of your accounts by repeatedly trying different combinations until he gains access, he would certainly try to use that password for the rest of your accounts. ‘ says Mr Arbačiauskas.

‘Your bank account, emails and home network are all at the mercy of cybercriminals because you use the same password for everything.’

In addition to using different passwords for each account, Mr. Arbačiauskas recommends that you use passwords that are at least 20 characters long.

This is the gold standard for hack resistance and will make it much harder for criminals to break into your account.

Mr Arbačiauskas says: ‘Even if you use different passwords, but they are all ‘password’, ‘123456’, ‘qwerty’ or similar types, your account is still an easy target for cybercriminals. ‘

To keep track of these longer passwords, experts recommend setting up a secure password manager.

Preferably choose a password manager that requires two-factor authentication for the highest level of security.

This way you only have to remember one very strong password to securely access all your different accounts.

The 25 most common passwords worldwide

The most common passwords in the world in 2024
Rank Password Time to crack Number of users
1 123456 3,813,089
2 123456789 1,625,125
3 12345678 884,740
4 password 692,151
5 qwerty123 642,638
6 qwerty1 583,638
7 111111 459,738
8 12345 395,573
9 secret 363,491
10 123123 351,576
11 1234567890 324,349
12 12345678910 324,349
13 1234567 307,719
14 000000 259,048
15 qwerty 244,879
16 abc123 217,230
17 password1 211,932
18 I love you 197,880
19 11111111 195,237
20 dragon 144,678
21 monkey 139,158
22 121212123 119,004
23 123321 106,267
24 qwertyuiop 101,048
25 00000000 99,292