World's most hacked passwords revealed in new report


21 Apr 2019

World's most hacked passwords revealed: Check if yours is there

With data breaches on the rise, the only thing that can protect your identity from being compromised is a strong password.

But if a new report of most-hacked passwords is anything to go by, millions of people still don't take security seriously.

They use the same old passwords that we all, including potential hackers/cybercriminals, can predict.

Let's take a look at them.

Most common

More than 23 million people use '123456' as password

More than 23 million people use '123456' as password

The National Cyber Security Center (NCSC) of the UK analyzed some 100,000 recurring passwords compromised in data breaches.

They accessed breached information with the help of Troy Hunt's 'Have I been pwned' database and found that more than 23 million people had 123456 as the password for their online accounts.

To recall, the same password was revealed as the worst one last year.

Top passwords

Other easy-to-guess passwords

Along with 123456, there were many more unimaginative and easy-to-crack passwords in NCSC's global list.

For some perspective, nearly 8 million people had 123456789 as their password - the 2nd most breached - while some 3.8 million and 3.6 million had qwerty and password, respectively.

These were followed by 1111111, 12345678, abc123, 1234567, password1, 12345, 1234567890, 123123, 000000, and Iloveyou.

Love Tech news?

Stay updated with the latest happenings.

Yes, notify Me

Other passwords

Many even used their favorite football team's, fictional character's name

Many even used their favorite football team's, fictional character's name

While most breached passwords revolved around predictive numeric patterns, there were also many who used the name of their favorite football team, musician, or fictional character.

According to the report, some 280,000 people had set liverpool as their password, 216,000 had chelsea, and 179,000 had arsenal.

Among fictional characters, over 333,000 people had set superman, 242,749 had naruto, and 203,116 had batman.

Blink182, 50cent most common musician passwords

As for musicians, blink182 and 50cent were the most common compromised passwords - used by 285,000 and 191,000 people, respectively. They were closely followed by eminem (167,983), metallica (140,841), slipknot (140,833).

Potential move

Why knowing these passwords is important

Some of you may argue that revealing most hacked passwords can tip off hackers and risk the security of those still using them.

However, in our and NCSC's opinion, these passwords are way too predictable and letting the world know about them is the only way to drive people to change them and choose better passwords for online security.

Here's what NCSC's technical director said about these passwords

"Nobody should protect sensitive data with something that can be guessed, like their first name, local football team or favorite band," Ian Levy, technical director of the NCSC, said, noting that people keeping passwords like this put themselves at the risk of being hacked.

Password selection

How to choose a good password?

How to choose a good password?

If your password is one of the most hacked ones, we recommend changing it immediately and choosing a stronger one.

Now, this seems a little difficult but NCSC recommends choosing a password by combining three different but memorable words to keep accounts secured.

In case nothing comes up in your mind, go ahead and get a password manager, which would generate/save complex passwords automatically.

Share this timeline

Cyber Security

Password Protection




Ian Levy

National Cyber Security Center



Troy Hunt

Share this timeline

Ask NewsBytes
User Image

Most asked questions

How did they find these passwords?

Should we keep different passwords for all services?

Which is an ideal password manager?

Is using a password manager necessary?

More questions

How did they find these passwords?

Asked 2019-04-21 19:08:23 by Vibhore Lobo

Answered by NewsBytes

NCSC analyzed the database of breached passwords managed by Troy Hunt's Have I been pwned.

Should we keep different passwords for all services?

Asked 2019-04-21 19:08:23 by Rakesh Gupta

Answered by NewsBytes

Yes, you should have a different password for all your online services.

Which is an ideal password manager?

Asked 2019-04-21 19:08:23 by Aaradhya Tata

Answered by NewsBytes

There are many password managers, including LastPass, 1Password and others.

Is using a password manager necessary?

Asked 2019-04-21 19:08:23 by Sanvi Das

Answered by NewsBytes

It is not necessary but can improve your account's security significantly.

Next Timeline