America

Warning issued to 40.8 million Brits putting themselves at risk with dangerous password habit

a cursor hovers over the Sign In button after entering a password into an online login form

Researchers scoured gigabytes of leaked data to put together the list of the most commonly used passwords worldwide

GETTY
Aaron Brown

By Aaron Brown


Published: 01/05/2025

- 08:57

Updated: 01/05/2025

- 10:09

All products and promotions are independently selected by our experts. To help us provide free impartial advice, we will earn an affiliate commission if you buy something. Click here to learn more

Adding a punctuation mark or number at the end of a reused password is not enough, experts warn

  • Research shows 60% of Britons reuse a password across multiple accounts
  • On average, the same password is used across 5 different online profiles
  • Britons will usually reuse a password on "less important" accounts
  • Security experts have issued a warning over this common practice
  • Cybercriminals only need a single weak-link to break into your online life
  • It comes as analysis revealed "password" was the most popular choice in the UK

Passwords shield some of our most valuable information from prying eyes.

From bank accounts to email inboxes, social media accounts to photo libraries, there's a lot of private data stored online that could be accessed if someone gets their hands on your password. But despite the critical role played in our day-to-day lives, new research claims 60% of Britons reuse passwords across multiple accounts.

This common practice puts online security at serious risk, experts have warned.

With over 68.35 million people living in the UK, the alarming new research released by NordPass to mark World Password Day today (May 1, 2025) means over 40 million Britons are taking part in this dangerous practice.

If you are one the millions using the same password across different websites, mobile apps, and online accounts — you could be setting yourself up for disaster. That's because as soon as one account is compromised, hackers can gain access to all your other accounts using the same email address and password combination.

This creates a dangerous domino effect that could expose your entire digital life to cybercriminals in seconds.

Switch to 1Password for FREE

The award-winning 1Password is designed to generate and store unguessable passwords, passkeys, credit card numbers, national insurance numbers, and much more. This encrypted vault is available across all of your favourite devices, including iPhone and Android, Windows and Mac computers, iPad and other tablets. Its built-in WatchTower feature evaluates password strength and warns about data breaches that impact you. 1Password is currently free to test for 14 days with no obligation to subscribe

1Password
$2.99 $0
Buy Now

The new research found that on average, UK residents reuse passwords across roughly five different accounts, with one-fifth admitting they reuse the same password across 10 or more accounts. Yikes.

Even more concerning, NordPass research shows one-third of UK residents who reuse their passwords only have 12 regular "go-to" passwords that they cycle through across all of their accounts.

a hand holds up a smartphone with the NordPass app open and a list of all saved passwords and accounts

Remembering dozens of unique passwords is a tough ask for anyone... so let a password manager take the strain. These applications can generate one-of-a-kind, secure passwords for all of your accounts and lock them away behind a facial recognition or fingerprint scan

NORDPASS PRESS OFFICE

Head of Business Product at NordPass, Karolis Arbaciauskas said: "It’s possible that people only remember the five they use regularly.

"Our recent research shows that the average internet user has over 160 passwords, including work accounts. But some people may feel like they only have a handful of passwords and accounts because they use only about five platforms."

Surprisingly, the habit of reusing passwords spans across all demographics, with the survey finding no significant difference between men and women in reuse habits. However, Gen Z is more likely to reuse passwords, while Baby Boomers tend to have more accounts with reused passwords.

The dangers of this password reuse habit cannot be overstated, according to the experts.

Ms Arbaciauskas added: "People reuse passwords because it's easier that way, we all know that. But it is worrying that, despite repeated warnings, about 10% of respondents still don't think there's a significant risk in reusing passwords. This mindset is a disaster waiting to happen.

"Threat actors could gain access to all your accounts, your identity could be stolen and your credit card maxed out, or a loan could be taken out in your name."

If you belive your online account isn't valuable enough to become a target — think again.

Save 50% on NordPass for World Password Day 

NordPass is a secure password manager that works across your favourite devices, including iPhone and Android, Windows and Mac computers, iPad and other tablets ...it will evaluate your password strength, autofill login details for you, and warn about any data breaches on the Dark Web that impact you. It's a one-stop-shop to improve your online security and fightback against hackers from the team behind the award-winning NordVPN

[countdown-2025-05-02]

NordPass Password Manager
$2.39 $1.19
Buy Now

Many of those surveyed by NordPass said they only used the same password for accounts they consider "less important" – a dangerous misconception according to Karolis Arbaciauskas, who stresses there really are no "less important" accounts when it comes to security.

That's because hackers will often target low-security sites first, using reused passwords to attempt logins on more critical accounts—a tactic known as credential stuffing.

Once one account is compromised, it can lead to identity theft, financial loss, or access to other linked services. Cybercriminals can piece together information from seemingly unimportant accounts to craft convincing phishing attempts or identity theft schemes.

Reusing passwords creates a single point of failure, so each account should have a unique, strong password to minimise risk and protect personal data across the web.

The most common modification is adding or changing a number, symbol, or letter – a tactic that provides little additional security. However, the survey found that around half of the people who reuse passwords and have 12 go-to passwords don't make any changes whatsoever when reusing them.

The latest research shared by NordPass follows a similar study by the same company last year that revealed concerning password habits among Britons. In 2024, "password" topped the list of most commonly used passwords in the UK, with "Password" (capitalised) also appearing in the top 20.

This marked a shift from 2023, when "123456" was the most popular choice.

Other common passwords included "qwerty123", "123456", "liverpool", "123456789", "password1", "qwerty", "liverpool1", and "arsenal".

Football references remain popular with "Arsenal," "Chelsea," and "Liverpool" all ranking in the top 20.

Simple keyboard combinations like "qwerty" and dictionary words continue to dominate despite being extremely vulnerable to cyberattacks. If you're using any of these passwords, you should change them immediately.

The research found that most of these common passwords can be cracked by hackers in under 10 seconds, with many being guessable in less than a second.

A mouse cursor hovers over the login button and password text field on a website Researchers scoured gigabytes of leaked data to put together the list of the most commonly used passwords worldwide last uear GETTY IMAGES

This marks a significant decline in password security compared to previous years. According to NordPass, 78% of common passwords are now crackable in under a second, up from 70% the previous year.

Cybersecurity researchers worked with the team at NordPass to put together the definitive list of the most common passwords of the year — the sixth annual report of its kind to improve password habits in the UK and globally.

To find the most common passwords, the security researchers scoured a database of 4.3TB (that's a whopping 4,300,000MB) extracted from a number of high-profile password leaks on the Dark Web to find the passwords that people relied on more than any others. NordPass only received statistical information from the researchers, there was no personal data included in the findings sent to the password management team.

With the average internet user now required to juggle 168 personal passwords and 87 work-related ones, it's understandable that people rely on the same very simple passwords time and time again.

The overlap between personal and work passwords presents a significant security concern, with research showing 40% of the most common passwords are identical across both domains.

Karolis Arbaciauskas, Head of Business Product at NordPass, explains this behaviour: "No matter if I wear a suit and tie at work or I’m scrolling through social media in my pajamas, I am still the same person.

"This means that regardless of the setting I am in, my password choices are influenced by the same criteria — usually convenience, personal experiences, or cultural surroundings. Businesses ignoring these considerations and leaving password management in their employees’ hands risk both their company’s and clients’ security online."

Experts at NordPass have issued several recommended security practices for better password strength.

First up, never reuse a password across accounts, as if even one of these username-password combinations is leaked or compromised, then it could lead to multiple security breaches.

NordPass recommends creating a strong password with at least 20 characters and a mixture of upper- and lower-case characters, numbers, and special characters. Personal information that could be easily guessed by those who know you – like birthdays, pet names, and hometowns – should be avoided. Always create a unique password for every online account, NordPass says.

If you're struggling to think of something, using the first letter from each word in a line of poetry, a saying, or a song lyric that you're unlikely to forget can be a great way to quickly generate what appears to be a completely random jumble of characters.

Save 50% on Dashlane on World Password Day

Like the others in this list, Dashlane securely stores and manage all your passwords in one place. It automatically fills in login details, making it easy to access your accounts without remembering every password. Dashlane works on computers, smartphones, and tablets through apps and web browsers, helping you stay safe and organised across all your devices. For World Password Day, it's slashed 50% off its annual subscription, which comes with a VPN service bundled too

[countdown-2025-05-02]

Dashlane
$4.99 $2.49
Buy Now

If you're struggling to think of something, then a password manager is a brilliant way to generate secure passwords for every account, with these stored in an encrypted safe that can be accessed from any of your devices. To login, most of these applications only require a quick biometric check – facial recognition on the iPhone or a fingerprint scan on Windows PCs and Android.

Passwords will be autofilled into the login screen, so there's no need to remember the unguessable combination of symbols, lowercase and capital letters, and numbers for your account.

NordPass is one option available alongside the likes of LastPass, Dashlane, and 1Password.

Switching to a password manager doesn't have to result in a new monthly subscription. Both Google and Apple offer built-in password managers with their most popular products, dubbed Google Password Manager and Passwords respectively, that generate and store passwords.

The latter was rebooted as a standalone application as part of the free upgrade toiOS 18 released in September for iPhone owners worldwide.

Lastly, NordPass suggests switching to passkeys where possible, noting that major providers like Google, Microsoft, and Apple now support this more secure alternative.

These allow you to sign-in to apps, websites, and other online accounts in the same manner that you unlock your device – using a fingerprint, a face, or an on-screen PIN.

Unlike passwords, passkeys are resistant to online attacks like phishing, making them more secure than one-time codes sent via SMS. Microsoft, Google, Apple and the FIDO Alliance are working together to bring passkeys to the web as an industry standard.

Although there are high hopes for passkeys, with Google even calling its rollout "the beginning of the end of the password", they're unlikely to eliminate old-fashioned passwords for some time. For the time being, we're still stuck with passwords for a huge number of our online accounts ...as such, it's time to ditch "password" and think of something a little stronger.

For organisations, implementing a comprehensive password policy is crucial, including the use of password managers and multi-factor authentication requirements. Security advice for enterprise security has changed dramatically over the year, with experts now warning against forcing employees to change their password multiple times per year.

Cybersecurity researchers worked with the team at NordPass to put together the definitive list of the most common passwords of the year — the sixth annual report of its kind to improve password habits in the UK and globally. To find the most common passwords, the security researchers scoured a database of 4.3TB (that's a whopping 4,300,000MB) extracted from a number of high-profile password leaks on the Dark Web to find the passwords that people relied on more than any others. NordPass only received statistical information from the researchers, there was no personal data included in the findings sent to the password management team.

Top 20 Most Common Passwords In The UK

  1. password
  2. qwerty123
  3. qwerty1
  4. 123456
  5. liverpool
  6. 123456789
  7. password1
  8. qwerty
  9. liverpool1
  10. arsenal
  11. 12345678
  12. chelsea
  13. Password
  14. charlie
  15. football
  16. abc123
  17. arsenal1
  18. rangers
  19. Password1
  20. charlie1
TechMalwareAppleAndroidWindows