Most Common Passwords to Avoid in 2024

Password management system NordPass have released their annual report featuring the top 200 most common passwords for 2023.

Many people use simple and easily memorable passwords for the sake of convenience. Keeping track of passwords for every website you visit can be frustrating, and the temptation to use one password for all accounts is always present. But giving in to that compulsion, whether intentional or not, can put you at risk of a cyberattack.

New on the list this year is the use of “admin”. New user accounts are typically set up with default logins and passwords, and “admin” is a very common choice, however, it appears that there are users who decide to keep that password instead of changing it to something more secure once they have access. Perhaps even more concerning, is the amount of passwords in the list that use similar variations of numbers 1-9 on the keyboard, with “123456” claiming the top spot for this year.

Top 10 most common passwords

  1. 123456
  2. admin
  3. 12345678
  4. 123456789
  5. 1234
  6. 12345
  7. Password
  8. 123
  9. Aa123456
  10. 1234567890

In the UK, sports teams appear to be the popular choice this year, with “Liverpool”, “Arsenal”, and “Chelsea” making it into the top 10. In showing support for a favoured team, however, these users have put their accounts at risk.  

Top 10 most common passwords in the UK

  1. 123456
  2. password
  3. qwerty
  4. liverpool
  5. 123456789
  6. arsenal
  7. 12345678
  8. 12345
  9. abc123
  10. chelsea

All the passwords above took less than 1 second to crack according to the report. Take a moment to look at your keyboard. Look how easy those passwords are to type in just by pressing the adjacent keys. The results from this study should be a wake-up call to those who are still relying on passwords like “qwerty123” to protect sensitive information. Weak passwords are an easy target for hackers, one simple guess is all it takes to access all your data.

If your password has made it onto these lists, now is the time to change it and make it more secure over the holidays. Luckily, creating a stronger defence against hackers is as simple as 1-2-3 (pun intended).

Practicing Better Cyber Hygiene

Never reuse passwords across multiple accounts. Create a unique one for each account and make them long —anything shorter than 12 characters can be easily solved. Use a mix of upper- and lower-case letters, numbers, and symbols to significantly lower the risk of getting your passwords cracked. You should also get into the habit of changing your passwords at least every 90 days or implementing a multi-factor authentication method as an extra layer of security.

Another recommendation is to invest in a password manager, which generates strong, unique passwords and stores them securely in an encrypted ‘vault’ that only you can access. A password manager makes it easier to keep track of complex passwords without having to type them in every time manually.

As an extra security measure, it may also be a good idea to check if your account has been caught up in a data breach using a database service.

Everyone deserves to enjoy their time off without the stress of coming back to a cyber-attack. By having the right procedures in place and staying vigilant, both you and your staff can take the time to enjoy the holidays in peace.

Users of the Development Zone can also access a range of curated modules covering Cyber Risks and Data Security through our Content Catalogue. 

For those not currently using the system, you can find out more and request a free 14-day trial here:

About the author

Jessica joined RWA in 2018, having graduated with a First Class Honours degree in Film Studies. Her role as a content designer involves developing new and engaging e-learning modules as well as assisting in the creation of articles for Insight. 

Get UKGI Insight In Your Inbox

Regular business news and commentary delivered direct to your inbox each week. Sign up here