Top 10 most common passwords revealed – is yours here?

Wednesday, 14 February, 2018

It seems that when it comes to our basic cybersecurity we are getting no wiser, as this list of the most common passwords used in the UK reveals.

We still persist in using short, simple, easy-to-guess passwords for logging in to email, visiting websites and for our social media accounts regardless of the dangers it puts us in.

Why? Well, it’s much easier. Remembering a load of different unique passwords is not a simple matter.

Plenty of us end up with a folder or file on our phone or desktop called ‘Passwords’, which would be a goldmine for anyone able to access and exploit what’s on your connected devices.

Is your password on the Top 10 list?

The largest batch of personal data yet recorded has been found for sale on the Dark Web including stolen email addresses and passwords. Security researchers 4iQ discovered that in this treasure trove of 1.4 billion personal credentials, vast numbers of people were still using very basic passwords despite all the warnings.

Not only that, people tend to use the same simple passwords for multiple accounts, across work email, personal email, social media, forums and news websites.

Even those who thought they were being clever are exposed as using easy-to-guess passwords, such as ‘iloveyou’, ‘1234’, ‘qwerty1’ and ‘121212’.

According to 4iQ, these are the most common exposed passwords worldwide:

  1. 123456
  2. 123456789
  3. Qwerty
  4. Password
  5. 111111
  6. 12345678
  7. Abc123
  8. 1234567
  9. Password1
  10. 1234567890

Poor passwords persist

In the last 12 months the UK has witnessed an unprecedented rise in state-sponsored and private hacking. Given our password habits, hackers know better than we do that we tend to put convenience ahead of security.

Experts have also pointed to the influx of new users coming online, mainly from the developing world. As newbies to the cyber world they are particularly vulnerable to attacks, but for us in the West can there be any excuse?

Ask yourself:

  • Do you keep separate passwords for different accounts?
  • Do you create strong passwords for every account you use?
  • Do you follow basic security measures like encrypting your email, or updating smartphone apps?

If the answer is no, then it is high time to think more seriously about your password security.

Best way to stay safe

It’s a no-brainer but choosing a strong password makes you less vulnerable when the cyberattackers come knocking. And keeping separate passwords for different accounts should be a given.

But trying to remember lists of complicated passwords can be a pain. It is strongly recommended to use a Password Manager. This way you don’t have to memorise each one.

A Password Manager encrypts and stores the passwords in a secure vault that is protected by a master password. This is the only password you need to remember.

When logged on to the manager, these programs will automatically fill your username and password each time you visit a site that requires them.

The best password managers will store your encrypted login details in a vault, either on your own hard drive or on their own servers.

There are a number of free Password Managers available, while others charge a fee and it is well worth looking at what’s best for your use.

The full Top 40 most common passwords

[Image: the full Top 40 most common passwords]

Random is good, patterns are bad

If you don’t want the bother of using a Password Manager, there are some simple rules to follow that will go a long way to safeguarding you online.

Never reuse the same password. In today’s cyber world it is unforgivable to reuse the same password. Even the laziest of us know this is a no-no.

Avoid using straight-line keyboard patterns such as ‘qwerty’. Even if it looks complex at first glance, this string of letters is likely to be in the dictionary tools hackers use. If you must use patterns on your keyboard, try geometric, zigzag or series-of-lines patterns.

A good password is random. The more random it is the better. Hackers are always looking for those patterns and patterns are predictable.

Clever dictionary words don’t work. Hacking tools are built to target passwords containing whole or partial words.

Typing the same word twice to meet password length demands will not make it a stronger password. In fact, it can be worse as it introduces patterns.

A good password is complex. Using alpha-numeric passwords is the best way to keep the hackers at bay. And a good password is long. In fact, the length of a password is one of the key factors in keeping you safe.
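The rules above can be turned into an automated check. The following Python sketch is an added example, not part of the original article: it screens a candidate password against the Top 10 list quoted earlier and the pattern rules in this section. The 12-character minimum and the small `SAMPLE_WORDS` set are assumptions made for illustration; a real check would use a full word list.

```python
import re

# The ten most common exposed passwords listed in the article above.
TOP_10 = {"123456", "123456789", "qwerty", "password", "111111",
          "12345678", "abc123", "1234567", "password1", "1234567890"}

# Straight-line keyboard rows (QWERTY layout) plus the alphabet.
SEQUENCES = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm",
             "abcdefghijklmnopqrstuvwxyz"]

# Constructed stand-in for a real dictionary word list (assumption).
SAMPLE_WORDS = {"password", "love", "monkey", "dragon", "london"}

MIN_LENGTH = 12  # assumed threshold; the article only says "long"


def has_straight_run(pw, run=4):
    """True if pw contains `run` adjacent keys from one row, either direction."""
    for seq in SEQUENCES:
        for s in (seq, seq[::-1]):
            for i in range(len(s) - run + 1):
                if s[i:i + run] in pw:
                    return True
    return False


def is_repeated_unit(pw):
    """True if pw is one shorter string typed two or more times ('121212')."""
    return re.fullmatch(r"(.+?)\1+", pw) is not None


def screen_password(password):
    """Return the list of reasons the password fails the article's rules."""
    pw = password.lower()
    problems = []
    if pw in TOP_10:
        problems.append("on the top 10 list")
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if has_straight_run(pw):
        problems.append("straight-line keyboard pattern")
    if is_repeated_unit(pw):
        problems.append("repeated unit")
    if any(word in pw for word in SAMPLE_WORDS):
        problems.append("contains a dictionary word")
    if password.isalpha() or password.isdigit():
        problems.append("letters only or digits only")
    return problems
```

An empty list means the password passed every check here; it does not prove the password is strong, only that it avoids the specific weaknesses this article describes.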

All in all, there is really no excuse for continuing to use poor passwords. Just a little effort will go a long way to avoiding an unwanted appearance on a hacker’s website with all your details up for sale and the misery that can bring.

MAIN IMAGE: Elias Bezannes/CC BY-SA 2.0

Tim Bamford

Tim is a veteran freelance journalist writing extensively on internet news and cybersecurity.