Millions of Britons are still putting their faith in passwords that can be guessed in seconds, experts have warned.
Today is World Password Day, so there has never been a better time to bolster the passwords used to secure your accounts online. And there's no better place to start than triple-checking that you're not relying on any of the most common passwords.
Fortunately, cybersecurity researchers worked with the team at NordPass to put together a definitive list of the most common passwords used in the UK last year – so you can quickly check to see if you're using a recycled password that hackers can break in seconds. Published at the end of last year, the sixth annual report from NordPass hopes to improve password habits in the UK.
If your password has 8 characters or fewer, it could be cracked in just 17 seconds, a troubling report from Kaspersky found.
To determine the passwords that too many of us are using to secure our online accounts and apps, security researchers scoured a database of 4.3TB (that's equivalent to a whopping 4,300,000MB – that would need around 6,142 CDs to store) extracted from a number of high-profile password leaks on the Dark Web to find the passwords that people relied on more than any others. NordPass only received statistical information from the researchers, there was no personal data included in the findings sent to the password management team.
Researchers from NordPass also offered a few handy tips to make sure you're using the strongest possible protections
|NORDPASS PRESS OFFICE
Of course, the information is a little outdated since we're five months into 2026, but if you haven't changed your passwords in some time, then the Top 20 from NordPass is still a superb starting point. Here is the complete rundown...
Top 20 Most Common Passwords In 2025 (UK)
- admin
- 123456
- password
- 12345678
- 123456789
- Password1
- Password
- 12345
- Lennon11
- 1234567890
- Password123
- Fortnite21
- password1
- qwerty123
- qwerty
- 123qwe
- abc123
- Strongman12
- daday123
- Liverpool1
@gbnews Microsoft has just asked millions of Windows and Xbox users to DELETE their passwords forever... This is why Microsoft is ditching passwords. #Microsoft #Windows #Xbox #Password #Tech #GBNews
The research revealed that Britons had stopped relying on "password" to secure their online accounts... only to replace it with another laughably weak password. Taking the Gold Medal position, "admin" was the most common password used in the United Kingdom over the last 12 months, replacing last year's top choice, "password". Meanwhile, "123456" ranks in the second spot of the newest list of the 20 most common UK passwords, compiled by the team at NordPass.
Passwords shield our personal information from prying eyes. From bank accounts to inboxes, social media to photo libraries, there's a lot of private data that could be accessed if someone gets their hands on your password. But despite this critical role, millions of Britons still rely on lacklustre passwords to keep their accounts safe.
While it's no longer top of the list, different variations of the word “password” take up as many as five spots in the UK’s top 20 most common passwords list. Different numeric combinations take up five more spots. NordPass researchers point out that sports-related terms (e.g., “football,” “arsenal”) are being replaced by swear words in some countries. However, this trend hasn't reached British shores.
LATEST DEVELOPMENTS
- EE upgrades 'triple-lock' scam protection at no extra cost
- Best VPN deals
- 'Shameful' Amazon change leaves millions of Kindle users unable to download books
- GTA VI price tag will be 'fair', promises chief exec.
- BT Mobile is back! Brits can rejoin network for the first time in years
- iPhone 17 Pro lookalike unveiled, but this Android phone is HALF price
Compared to last year, researchers observed a significant increase in the use of special characters in passwords. This year, 32 passwords on the global list include them, a notable rise from just six last year. The most common special character in passwords is “@,” and most of the passwords are unfortunately no more complicated than “P@ssw0rd,” “Admin@123,” or “Abcd@1234.”
The annual rundown of the most commonly-used passwords was published by security researchers working at NordPass — a popular password manager from the team behind the award-winning NordVPN, one of the best VPN deals around today.
There's no excuse not to shield your personal information with a decent password, not least because the number of passwords we all need to juggle every time has started to decrease for the first time. For the first time in six years since the team at NordPass started to track password usage trends, the average number of passwords managed by each of us has finally decreased.
A new study from the password manager reveals that in 2026, the average person handles approximately 120 personal and 67 work-related passwords. This marks a significant reversal of a multi-year trend that saw password burdens skyrocket. The peak was recorded in 2024, when the average user was juggling 168 personal and 87 business-related passwords.
“The data was a bit surprising, given the global growth in digital services and accounts,” says Karolis Arbačiauskas, head of product at password manager company NordPass.
“However, we have several ideas as to what might have caused the average count to go down. Users are increasingly opting for the convenience of logging in through single sign-on (SSO) with their primary account, such as Google, Apple, or Facebook. The growing adoption and promotion of password alternatives like passkeys, Apple Face IDs, and WebAuthn are also contributing to this long-awaited decline. Our own offering of passkeys may also have played a role in this trend.”
According to Arbačiauskas, the new data offers hope that passwords are finally being replaced by passkeys and other login methods. It comes as GCHQ urged all Britons to ditch tried-and-tested passwords in favour of passkeys.