For the last seven years, online password manager NordPass has compiled a list of the 200 most commonly used internet passwords.
In 2025, the UK top 20 features five variations of the word “password” and another five consisting of consecutive numbers such as “12345678”. Password manager Bitwarden confirms that these passwords would take hackers less than a second to crack. But it’s not a UK-only problem.
The most common password worldwide is “123456”. If you are currently using this password for any of your online accounts, you should consider changing it now, both to protect yourself online and in honour of 10 February’s Safer Internet Day.
Recent high-profile data breaches have highlighted the need for robust security and vigilance
Back in April 2025, the Co-op experienced a data breach that cost the company a reported £206 million. Alongside issues with processing payments and stock shortages, all 6.5 million Co-op members had their data stolen.
And the company wasn’t the only one to suffer a cyberattack in 2025. Jaguar Land Rover was forced to shut down its IT systems, while Marks & Spencer suffered a £300 million loss in online sales following an attack.
We’ve spoken about the importance of online protection before. You might have heard about the worrying rise of so-called “Hi Mum” fraud or read our comprehensive guide to scams and how to avoid them.
While you might believe that you’d never fall victim to one of these scams, it’s important to remember that the criminals’ tactics are evolving all the time. Not only will they try to catch you off guard and prey on your emotions, but they’ll use the latest technology – including AI – to help them do so.
That’s why it’s so important to stay on your guard at all times and do everything in your power to keep yourself safe. And that starts with choosing hard-to-crack passwords.
Safe passwords contain a mixture of letters, digits, and special characters, and online password generators could help
Simple steps can make your passwords much harder to crack. Alongside “admin”, “password”, and “123456”, other easily hacked passwords include names followed by dates of birth, or any proper noun (a holiday destination, a pet’s name, or a favourite football team) that could be guessed simply by browsing your social media.
Longer passwords generally take longer to crack, so consider combining three words, chosen at random, but integrate numbers and special characters too.
For example, the random three-word password “appleintelligentgoal” could be cracked in three days, according to Bitwarden, while “appleIntelligentg04l!” would take three years.
Online generators can help you to create random, strong passwords. Here’s a look at the time it might take hackers to crack generated passwords of varying length:
- Cvf#J8l – 17 minutes
- Cvf#kJ8l8 – 1 day
- Cvf#kJ8l8iw – 4 months
- Cvf#kJ8l8iwaP – 31 years
- Cvf#kJ8l8iwaPSD – centuries
There are other important rules to remember, too. Don’t reuse the same password or even variations on the same theme. Each account should have a unique password. If one account is compromised, hackers will automatically use that same password (and variations on it) to try to access your other accounts.
Also, think about two-factor authentication (2FA). It’s effectively an extra line of defence that will usually require a PIN, the answer to a security question, or a code sent to another device or email address. Simply the existence of 2FA could be enough to make a hacker look elsewhere.
If your password is among the most commonly used, consider changing it now and look out for these potential scam red flags
Your account passwords are the first line of defence against hackers and would-be scammers. Use Bitwarden or a similar online checker to test the strength of your password, and consider changing those that aren’t up to scratch.
Remember too that online safety isn’t just about strong passwords and 2FA.
Financial Planning Today confirmed last year that five money launderers were jailed for stealing £2.37 million from 40 victims via a large-scale romance fraud. Each victim lost an average of £81,250, although it’s suspected that other victims have chosen not to come forward.
Scammers look to take advantage where we’re at our most vulnerable, whether scaring victims through impersonating police officers or loved ones, or by pressuring targets into making quick decisions. They will make contact at times of the day when they know we’re most stressed or even target the recently bereaved.
Visit the UK Finance Take Five to Stop Fraud page or take a fresh look at our comprehensive scam guide for more information.
Get in touch
If you’re looking for an independent financial adviser in Milton Keynes or Olney, look no further. At Jane Smith Financial Planning, we’ve been helping clients for 30 years, so contact us at info@janesmithfinancial.com or call 01234 713131 to see what we can do for you.
Please note
This article is for general information only and does not constitute advice. The information is aimed at retail clients only.
Production