UK’s top 20 most common passwords revealed – how to make yours safe

Hackers don’t need any extra help, they’re clever enough already. But when you use an easy-to-guess password, you’re basically handing them the keys to your accounts.

NordPass has released its annual review of the most common passwords, and the results will shock security experts, the police, and probably you too.

UK’s top 20 most common passwords

1. 123456
2. admin
3. 12345678
4. 123456789
5. 12345
6. password
7. Aa123456
8. 1234567890
9. Pass@123
10. admin123
11. 1234567
12. 123123
13. 111111
14. 12345678910
15. P@ssw0rd
16. Password
17. Aa@123456
18. admintelecom
19. Admin@123
20. 112233

‘admin’ isn’t just common in Britain, it’s the most used password in Australia, America and Germany too.

NordPass warns that around 80% of data breaches happen because of weak, reused or stolen passwords.

Why reusing passwords puts you at risk

If you use the same password everywhere, you’re creating one single point of failure. If hackers get into one of your accounts, they can often get into all of them.

Virgin Media O2 found that four in five people reuse the same or nearly identical passwords across multiple platforms.

If that sounds like you, it’s time to make a change.

How to create a strong password

Microsoft recommends that you:

• use at least 12 characters
• mix uppercase, lowercase, numbers and symbols
• avoid using names, yours or anyone else’s
• make each password very different from your others
• use a memorable phrase that only you would think of

How to tell if you've been hacked

Watch out for:

• unauthorised money transfers or purchases
• being locked out of your accounts
• changes to your security settings
• messages or notifications sent from your account you don't recognise
• logins or attempted logins from unusual locations or at unusual times

What to do if you've been hacked

• contact your account provider and follow their recovery steps
• check your email filters and forwarding rules (hackers often set these up to steal your emails)
• change all your passwords immediately, especially if you reuse any
• log out of all devices and apps linked to the hacked account
• tell your contacts to ignore suspicious messages sent from you
• enable 2-step verification (2SV) so criminals can’t get in even if they know your password
• update your antivirus software
• tell your bank or building society if the hack involves your finances
• report it to Action Fraud
• if you need emotional support, get in touch with Victim Support

Stay informed

Knowledge is your best defence – read our guide about outsmarting online scammers and stay updated on the latest scams.