Arrow back

What Were the Most Common Passwords in 2019?

15 August, 2019

Let’s face it - few of us enjoy the process of picking a password. We’re often marooned between a simple yet memorable password and a truly secure one.

The result? An epidemic of poor choices which means that, when it comes to choosing passwords, many of us are falling into the same traps. They’re traps which can compromise your personal data, finances and even your organisation’s cyber security.

Cybercriminals and the software they utilise are growing more sophisticated by the day, so there’s never been a better time to brush up on how to write a secure password.

Thanks to work by the National Cyber Security Council (NCSC), we finally have an idea of what the most common passwords in the world are. The passwords were scraped from hacks in the Have I Been Pwned? database and reveal some serious flaws in common password design.

Join Bob’s Business below as we share with you the most common passwords, explain why you shouldn’t reuse your password and much, much more.

What were 2019s most Common Passwords?

The top five most commonly used passwords in 2019 were:

  • 123456 (23.2m)
  • 123456789 (7.7m)
  • qwerty (3.8m)
  • password (3.6m)
  • 111111 (3.1m)

What unites each of these passwords? Simplicity. They’re super simple to think up and remember, which is good. On the other hand, they’re so easy to crack that they’re basically useless.

What Does the Password List Tell Us?

There are a number of themes that recur time and time again in the NCSC’s password list.

Numerical patterns are a very common theme, with passwords like ‘000000’ or ‘654123’ appearing constantly in the NCSC’s list of the 100,000 most hacked passwords. In fact, out of the top twenty passwords, numerical patterns appear twelve times, highlighting just how common they are.

Another theme that appears time and time again in the list is names. The NCSC’s data found that ‘ashley’, ‘michael’, ‘daniel’, ‘jessica’ and ‘charlie’ were the five most commonly used names as passwords, but there are hundreds of examples on the list.

Other popular common passwords are football teams, musicians, superheroes and swear words, which appear shockingly often.

So, what do all these patterns tell us? When we’re building passwords, most of us just choose something that’s easy to remember. Whether it’s the football club we love, our favourite band, an easy to recall set of numbers or even our own name - many of us are choosing passwords that don’t require us to memorise anything complicated.

All of which brings us to...

How to Make a Good Password (and Remember It!)

There are countless ways to create good, secure passwords, but many methods ignore the fact that it takes a monumental effort to remember ‘C7sf3LU!6w’ instead of ‘leedsutd’.

That’s why at Bob’s Business, we recommend the ‘three words’ method of password creation. Simply pick three random, unconnected words and put them together. Passwords like ‘laminateboomtag’ are easy to remember and, crucially, unique.

Aren’t sure just how secure your password is? Type it into How Secure is my Password and discover just how quickly your password could be cracked.

How Often Should You Change your Password?

There are plenty of myths out there about how often you should change your password. Some schools of thought suggest every month, others once every quarter.

The problem with mandatory password changes is that they tend to encourage superficial changes to passwords - a capitalised letter here or a new number there. For hackers, those small changes are easy to adapt to.

Instead, you should simply choose a unique password for every website or service you sign up to.

Dedicated password manager software will keep track of your passwords and automatically input them across your devices, whilst browsers like Chrome now support built-in password management, so you don’t even need to remember your passwords.

Of course, if any service you use is hacked, you should change your password immediately to stop criminals accessing your private information. Finding out whether an account you use has been hacked is simple, just use a website like Have I Been Pwned?

Our top Password Tips

Creating a secure and memorable password doesn’t need to be difficult. In fact, it can be easy. Just follow our top password tips below and you’ll never need to worry about your password security again.

  • Build your passwords from three random yet memorable words. Try to choose words which aren’t related to your life, so no favourite bands or teams and certainly not your name. That way no automated hacking system or individual can figure out your password.
  • Use different passwords for every website or service you use. The temptation to use the same password everywhere is strong, but doing so means that a single breach on any service could compromise all of your accounts.
  • Check to see if any of your accounts have been breached. By inputting your email address into a website like Have I Been Pwned? you can see whether any of your details have been breached and released. Companies will also email you to alert you if their service has been breached.
  • Always change any passwords you have on breached services. It should go without saying, but if your information has been breached, you should change your password as soon as possible, alongside updating your password on any websites that share the breached password.
  • If in doubt, check the strength of your password. There are plenty of services that will show how strong your password is, but our favourite is How Secure is my Password, which instantly reveals how long it would take a computer to crack your password.

How Can Businesses Educate Their Employees?

It’s no secret good password practice is essential to ensuring that businesses aren’t put at unnecessary risk.

A single employee with their password in the public domain can compromise the security of your entire organisation, opening the door to all manner of cybercriminals.

At Bob’s Business, we understand that when it comes to the cyber security health of your business, your employees are the most valuable weapon in your arsenal. They’re the front line of your battle against cyber crime and, without proper training, can be manipulated to grant access to confidential and valuable information.

Our cyber security eLearning courses cover everything from how to make the perfect password to GDPR compliance, phishing detection and data protection. They’re designed to help you staff understand the threats posed by cyber crime and reshape their behaviour to protect your organisation.

Back to resources

Ready to build your cybersecurity culture?

Whether you’re looking for complete culture change, phishing simulations or compliance training, we have solutions that are tailor-made to fit for your organisation.

Girl with laptop
Boy with laptop
man and woman with laptops
Global Cyber Alliance