All products and promotions are independently selected by our experts. To help us provide free impartial advice, we will earn an affiliate commission if you buy something. Click here to learn more
Britons have stopped relying on "password" to secure their online accounts, new research has revealed.
But don't celebrate just yet — this notoriously weak password has been replaced by a similarly-guessable word. Taking the Gold Medal position, "admin" was the most common password used in the United Kingdom over the last 12 months, replacing last year's top choice, "password". Meanwhile, "123456" ranks in the second spot of the newest list of the 20 most common UK passwords, compiled by the team at NordPass.
Passwords shield our personal information from prying eyes. From bank accounts to inboxes, social media to photo libraries, there's a lot of private data that could be accessed if someone gets their hands on your password. But despite this critical role, millions of Britons still rely on lacklustre passwords to keep their accounts safe.
While it's no longer top of the list, different variations of the word “password” take up as many as five spots in the UK’s top 20 most common passwords list. Different numeric combinations take up five more spots. NordPass researchers point out that sports-related terms (e.g., “football,” “arsenal”) are being replaced by swear words in some countries. However, this trend hasn't reached British shores.
Black Friday deal — NordPass drops to 79p + unlock 3 months FREE
Get 52% off NordPass and an extra three months for freeNordPass is a secure password manager that works across your favourite devices, including iPhone and Android, Windows and Mac computers, iPad and other tablets ...it will evaluate your password strength, autofill login details for you, and warn about any data breaches that impact you. It's a one-stop-shop to improve your online security and fightback against hackers from the team behind the award-winning NordVPN
NordPass Password Manager
$1.29
$0.79
Britons are replacing sports-themed passwords with words related to music and gaming, such as “Lennon11” and “Fortnite21”.
If you have any online accounts protected with one of the passwords in the Top 20, then it's time to change to something new – and much more secure. We've published the full list of UK passwords below. Of the entries in the list, only "liverpool1" would take 2-seconds to crack, everything else could be unlocked by hackers in less than 60 seconds, according to the experts.
Worldwide, “123456” remains the most common password, followed by “admin” in second place, and “12345678” in third — another simple numeric sequence. Such weak patterns, ranging from “12345” to “1234567890,” along with common weak passwords like “qwerty123,” dominate top 20 lists across many countries.
Compared to last year, researchers observed a significant increase in the use of special characters in passwords. This year, 32 passwords on the global list include them, a notable rise from just six last year. The most common special character in passwords is “@,” and most of the passwords are unfortunately no more complicated than “P@ssw0rd,” “Admin@123,” or “Abcd@1234.”
The annual rundown of the most commonly-used passwords was published by security researchers working at NordPass — a popular password manager from the team behind the award-winning NordVPN, one of the best VPN deals around today. Last year, most Britons used the word "password" to keep their digital data under lock-and-key, while the previous year saw "123456" as the best method to secure personal information.
Discussing the findings from the latest list from NordPass, Head of Product, Karolis Arbaciauskas told GB News: "Generally speaking, despite all efforts in cybersecurity education and digital awareness over the years, data reveals only minor improvements in password hygiene.
"The world is slowly moving towards passkeys — a new passwordless authentication method based on biometric data — but in the interim, until passkeys become ubiquitous, strong passwords are very important. Especially since around 80% of data breaches are caused by compromised, weak, and reused passwords, and criminals will intensify their attacks as much as they can until they reach an obstacle they can’t overcome."
The latest findings from the security experts show that for digital natives — those who grew up immersed in the online world — extensive exposure to technology doesn't automatically translate into a strong understanding of fundamental password security practices or the severe risks associated with poor choices.
LATEST DEVELOPMENTS
“The password habits of 18-year-olds are similar to those of 80-year-olds. Number combinations, such as ‘12345’ and ‘123456,’ are in the top spots across all age groups. The biggest difference is that older generations are more likely to use names in their passwords,” added Karolis Arbaciauskas.
Research reveals that Generations Z and Y rarely use names in their passwords, preferring combinations like “1234567890” and “skibidi” instead. The use of names in passwords becomes more prevalent starting with Generation X, peaking among Baby Boomers. Among Generation X, the most popular name used as a password is “Veronica.” For Baby Boomers, it's “Maria,” and for the Silent Generation, it's “Susana.”
NordPass was created by the experts behind NordVPN — the advanced security and privacy app trusted by more than 14 million customers worldwide
|NORD PRESS OFFICE
Experts at NordPass have issued several recommended security practices for better password strength.
First up, never reuse a password across accounts, as if even one of these username-password combinations is leaked or compromised, then it could lead to multiple security breaches.
NordPass recommends creating a strong password with at least 20 characters and a mixture of upper- and lower-case characters, numbers, and special characters. Personal information that could be easily guessed by those who know you – like birthdays, pet names, and hometowns – should be avoided. Always create a unique password for every online account, NordPass says.
If you're struggling to think of something, using the first letter from each word in a line of poetry, a saying, or a song lyric that you're unlikely to forget can be a great way to quickly generate what appears to be a completely random jumble of characters.
If you're struggling to think of something, then a password manager is a brilliant way to generate secure passwords for every account, with these stored in an encrypted safe that can be accessed from any of your devices. To login, most of these applications only require a quick biometric check – facial recognition on the iPhone or a fingerprint scan on Windows PCs and Android.
Passwords will be autofilled into the login screen, so there's no need to remember the unguessable combination of symbols, lowercase and capital letters, and numbers for your account.
NordPass is one option available alongside the likes of LastPass and 1Password.
Passwords is a newly designed app for iPhone, iPad, and Mac created by the teams at Apple to manage, generate and store passwords for every website, subscription or app you use. Everything will be accessible across devices and encrypted before it's stored as part of an iCloud plan | APPLE PRESS OFFICE | GBN Google and Apple both offer built-in password managers with their most popular products, dubbed Google Password Manager and Passwords respectively, that generate and store passwords. The latter was rebooted as a standalone application as part of the free upgrade to iOS 18 released in September for iPhone owners worldwide.
Lastly, NordPass suggests switching to passkeys where possible, noting that major providers like Google, Microsoft, and Apple now support this more secure alternative. These allow you to sign-in to apps, websites, and other online accounts in the same manner that you unlock your device – using a fingerprint, a face, or an on-screen PIN.
Unlike passwords, passkeys are resistant to online attacks like phishing, making them more secure than one-time codes sent via SMS. Microsoft, Google, Apple and the FIDO Alliance are working together to bring passkeys to the web as an industry standard.
Although there are high hopes for passkeys, with Google even calling its rollout "the beginning of the end of the password", they're unlikely to eliminate old-fashioned passwords for some time. For the time being, we're still stuck with passwords for a huge number of our online accounts ...as such, it's time to ditch "password" and think of something a little stronger.
For organisations, implementing a comprehensive password policy is crucial, including the use of password managers and multi-factor authentication requirements. Security advice for enterprise security has changed dramatically over the year, with experts now warning against forcing employees to change their password multiple times per year.
- View Deal | Get started with 1Password for FREE
- View Deal | LastPass offers FREE 30-day trial
Cybersecurity researchers worked with the team at NordPass to put together the definitive list of the most common passwords of the year — the sixth annual report of its kind to improve password habits in the UK and globally.
To find the most common passwords, the security researchers scoured a database of 4.3TB (that's a whopping 4,300,000MB) extracted from a number of high-profile password leaks on the Dark Web to find the passwords that people relied on more than any others. NordPass only received statistical information from the researchers, there was no personal data included in the findings sent to the password management team.
Top 20 Most Common Passwords In 2025 (UK)
- admin
- 123456
- password
- 12345678
- 123456789
- Password1
- Password
- 12345
- Lennon11
- 1234567890
- Password123
- Fortnite21
- password1
- qwerty123
- qwerty
- 123qwe
- abc123
- Strongman12
- daday123
- Liverpool1
More From GB News