'Qwerty' and '123456' are among the most hacked passwords, experts say

Will we EVER learn? ‘123456’, ‘qwerty’ and ‘password’ are among the most commonly HACKED passwords – while pet names including ‘love’ and ‘baby’ are also easily guessed, report reveals

  • Card machine provider Dojo has analysed data on 100,000 breached passwords
  • It found ‘qwerty’, ‘123456’, ‘password’ and ‘1111111’ to be among the most hacked
  • Terms of endearment (such as ‘love’ and ‘angel’) was the most hacked category

New research suggests we’re still too lazy to think up proper passwords, despite leaving us prone to a costly hacking. 

London-based card machine provider Dojo has analysed data on 100,000 breached passwords from the UK government’s National Cyber Security Centre (NCSC).

It found ‘123456’, ‘qwerty’ and ‘password’ – all easily remembered but notoriously bad choices – were among the most frequently hacked passwords.

Overall, pet names or terms of endearment – including ‘love’, ‘baby’ and ‘angel’ – were found to be the most commonly hacked passwords, ahead of animals, colours and swear words. 

Experts are now urging the public to use more complicated passwords with unique letter and number combinations, along with two-factor authentication (2FA).

Scroll down for video 

According to the NCSC data, the five most commonly hacked passwords with the most users are ‘123456’, ‘123456789’ and ‘qwerty’ (stock image)


According to NCSC list the five most commonly hacked passwords with the most users are:

– 123456 (23.2 million users)

– 123456789 (7.7 million users)

– Qwerty (3.8 million users)

– Password (3.6 million users)

– 1111111 (3.1 million users) 

2FA requires users to provide an additional piece of information, such as a pin code sent via text message, as well as a password. 

‘Analysing NCSC data on over 100,000 breached passwords, we were able to categorise the top hacked passwords into over 30 categories, from sports to star signs,’ Dojo says in a blog post.

‘By seeing which category had the most breached passwords, the study can reveal the password subjects you should avoid as a whole to stay secure online.’ 

According to the NCSC data, the five most commonly hacked passwords with the most users were ‘123456’ at the top, followed by ‘123456789’, ‘qwerty’, ‘password’ and ‘1111111’. 

These bad choices are made up of obvious sequences of numbers like, or, in the case of ‘qwerty’, the letters from the top row of the computer keyboard. 

‘These sequences are particularly easy to remember and transcend languages and cultures, making them an incredibly popular password choice worldwide,’ Dojo says.

‘Easy to guess and requiring no personal knowledge, these ones present a huge risk to your online security when selected.

‘Passwords with a combination of characters, numbers, and symbols are less likely to be hacked as they are harder to guess.

‘To keep your password more secure, we recommend you use a random combination that is memorable only to you.’ 

In terms of categories, the worst choices were found to be pet names/terms of endearment, followed by names, animals, emotions, food, colours and swear words.

Interestingly, the three most frequently hacked names used as passwords were ‘Sam’, ‘Anna’ and ‘Alex’, likely due to their few letters and being easy to spell.  

Car brands (such as Audi and Ford), social media platforms (such as Facebook and Twitter) and star signs were also bad security choices, Dojo found.  


The top 20 most commonly hacked password categories according to NCSC data are as follows.

The numbers refer to the total of breached passwords that include the top 20 words/phrases in that category.

 1. Pet names/terms of endearment

2. Names

3. Animals

4. Emotions

5. Food

6. Colours

7. Swear words

8. Actions

9. Family members

10. Car brands

11. Cities

12. Brands

13. Countries 

14. Sports

15. Religions

16. Hobbies

17. Weather

18. Drinks

19. Social media platforms

20. Star signs





















Naveed Islam, chief information security officer at Dojo, thinks the public keeps using simple passwords – in spite of ongoing warnings to to – due to ‘password fatigue’. 

This term refers to the strain of having to think up and remember multiple passwords, as more and more our every day lives are digitized and we’re required to open online accounts to access basic services. 

‘The surge in online services has resulted in a proliferation of password usage,’ Islam said.

‘This has resulted in password fatigue – the feeling experienced by many people who are required to remember an excessive number of passwords as part of their daily routine. 

‘To cope with password fatigue, people reuse the same password across multiple websites, using simple and predictable password creation strategies. 

‘Attackers exploit these well-known coping strategies, leaving individuals vulnerable.’   

Dan DeMichele, vice president for Product Management at password manager provider LastPass, calls strong passwords ‘the first and most essential line of defence against a cyber-attack’.  

‘A strong password is at least 16 characters long and includes a mix of capital and lowercase letters as well as numbers and symbols,’ DeMichele said. 

‘Cyber attackers love it when their intended victims are uninformed and unaware about cyber security – it makes their task easier. 

‘It’s therefore imperative you keep up to date on security best practices.’ 



– Use a mix of special characters, numbers, capital letters. Including a range of upper and lower-case letters, as well as numbers and symbols (such as $ £ !), makes passwords securer and harder to hack.

– Aim for a long password with a minimum of 8-12 characters. The longer the password, the better. Longer passwords require more time to work out combinations and hackers looking for a quick win may be deterred.

–  Use multi-factor authentication. Two-factor authentication requires hackers to get through two layers of security checks before they can get onto your account.

– Use a password manager. When creating multiple unique passwords, it can be tricky to remember them all. Instead of writing passwords down or on your phone’s notes, there are many apps and websites where you can safely store these passwords instead.

– Change your passwords regularly. Changing your passwords often reduces the risk of your accounts being compromised.


– Don’t use personal information in your passwords. Stay away from using any type of personal information in your passwords, such as a name, date of birth, or your pet’s name. This information can easily be discovered by hackers from social media profiles or even public conversations.

– Don’t use obvious sequences of letters or numbers. Avoid using numbers and letters in common sequences such as 1234 or qwerty. These generic formats and memorable keyboard paths are the first to be guessed by hackers.

– Don’t tell anyone your password. Keep your passwords to yourself. If you were to share a password, make sure to change it soon after.

– Don’t automatically save passwords to your browser. It may be very convenient, but allowing your browser to save passwords risks your details being viewed by other people that use your devices.

– Don’t use the same password across multiple accounts. It’s important to not reuse passwords. If one account was to be hacked it could result in exposing other accounts to be breached with the same password.

Source: Dojo

Source: Read Full Article