If you still think that your birthday is a strong enough password for your sensitive accounts, you may need to think again.
Researchers have now revealed the UK’s most hackable passwords and the list includes some of the most common combinations.
A study conducted by KnownHost found that more than a third of the 200 most common passwords contain either just numbers or just letters.
The most hackable password of them all was ‘123456’, which has been involved in more than 50 million data breaches between 2007 and 2025.
This was closely followed by ‘123456789’ which appeared in more than 20 million data breaches.
And, as always, ‘password’ was once again found to be among the UK’s most common and hackable passwords.
This common phrase was used almost 700,000 times by accounts in the dataset and was involved in more than 11 million data breaches.
Daniel Pearson, CEO at KnownHost, said: ‘Cybercriminals are constantly evolving their tactics, but simple password hygiene can be the difference between staying protected and having your details included in a data breach.’
Researchers have revealed the UK’s most hackable passwords. Topping the list is ‘123456’, which has been involved in more than 50 million data breaches between 2007 and 2025 (file photo)
To calculate the UK’s most hackable passwords, KnownHost compared a list of the 200 most common passwords to a database of known data breaches.
The researchers then combined the password’s length, popularity, the number of data breaches it was involved in, and how long it would take to crack.
This gave each password a score of zero to 10, with 10 being the strongest and zero the weakest.
The very worst password on the list, ‘123456’, scored a pitiful security rating of just 0.36 – a full three points below the next most hackable option, ‘123456789’, at 3.03.
This was followed by ‘1234’ in third place, which appeared in more than four million data breaches and scored just 3.69.
‘12345678’ and ‘12345’ came in at fourth and fifth with scores of 3.77 and 3.79 respectively.
Seven of the top 10 most hackable passwords included a string of repeating or consecutive numbers, including all of the top five.
While hackers now have many different ways of accessing your data, this makes it clear that using a string of numbers as your password is a surefire way of exposing yourself.
Of the 200 most common passwords, over 30 per cent contained either just numbers or just letters. This makes them extremely easy for hackers to guess
| Rank | Password | Number of data breaches |
|---|---|---|
| 1 | 123456 | 50,203,085 |
| 2 | 123456789 | 20,508,946 |
| 3 | 1234 | 4,453,720 |
| 4 | 123456789 | 9,875,311 |
| 5 | 12345 | 4,934,837 |
| 6 | password | 11,393.057 |
| 7 | 111111 | 5,409,781 |
| 8 | admin | 4,957,283 |
| 9 | 123123 | 4,304,392 |
| 10 | abc123 | 4,203,865 |
However, using words rather than numbers doesn’t necessarily mean you are making yourself any more secure if you use a common phrase.
Both ‘password’ and ‘admin’ were among the top ten most hackable passwords in the UK, with security scores of 3.85 and 4.04.
Collectively, these two passwords have been involved in more than 16 million data breaches since 2007.
Jake Moore, global cybersecurity advisor at ESET, told MailOnline: ‘Using simple to guess or common passwords puts you at risk because hackers use a variety of impressive automated tools that can guess passwords in seconds.’
‘By using a weak password, you are making it even easier for criminals to gain access to your accounts and lock you out.’
Likewise, Mr Moore says that using any words related to your personal life which can be found on social media, such as your pet’s name, gives hackers an extra head start.
Websites with good cybersecurity typically require users to make passwords containing combinations of upper and lowercase letters, numbers, and special characters.
Doing this makes it significantly harder for hackers to guess your password or crack it by brute force.
Although longer passwords are usually more secure, this doesn’t help if you use common words or combinations of numbers. Two of the top ten most hackable passwords were found to have eight letters
‘A unique combination of uppercase and lowercase letters, numbers and special characters is advisable plus it should be at least 12 characters long,’ says Mr Moore.
However, none of the 200 most common passwords tested in this study contained any special characters.
Additionally, although longer passwords are usually more secure, this doesn’t make a difference if you use simple combinations.
For example, two of the most hackable passwords, ‘12345678’ and ‘password’, are made up of eight letters or numbers.
Even if you do have a secure password, you might still be putting yourself at risk of being hacked if you use the same combination for multiple accounts.
Recently, it was revealed that hackers were able to steal terabytes of data from Ticketmaster by targeting employees who were reusing passwords between accounts.
The hackers were able to steal passwords from a less well-protected third-party company and use those to gain access to more sensitive data.
Mr Moore says: ‘Reusing passwords is not advised because if one account gets hacked, all your other accounts using the same password instantly become a vulnerable target as well.
To keep yourself safe online, experts advise that you use a unique password containing a combination of numbers, letters, and special characters for every account. Reusing passwords between sites can put you at risk of being hacked (stock image)
‘Data breaches occur on a daily basis so if one of your used passwords is in amongst a breach, it can quickly give cybercriminals access to your other accounts.’
In order to stay safe online experts advise that you use a strong password containing a mix of numbers, letters, and special characters which is unique to each account you use.
Since this makes it harder to remember all your passwords, it is advised that you use a secure password manager.
This keeps all your passwords encrypted in one place so that you only need to remember one very strong password to get into the manager.
You should never leave your passwords written down or saved in a document on your computer, since this could easily fall into the wrong hands.
