-
‘Admin’ became the most common password in the UK last year, replacing ‘password’ in the top spot, numeric sequences also rank highly on NordPass’s annual list.
-
Adding special characters does little to improve security when users follow predictable patterns, any eight-character password can crack in just seventeen seconds according to Kaspersky.
-
The average person now manages 187 total passwords, a drop from 255 two years ago – notably, more people adopt single sign-on options and passkey technologies that GCHQ recommends.
Cybersecurity researchers have issued a stark warning to millions of UK residents regarding their password habits. Many people continue to use simple combinations that criminals can guess almost instantly.
Today marks World Password Day, which makes the perfect moment to review online security practices. Security experts from NordPass analyzed stolen data from certain major breaches to determine which passwords appear most frequently in usage frequency.
The findings reveal that many Britons still rely on laughably weak protection for their sensitive accounts.
Admin Takes Top Spot as Britain’s Most Common Password
The annual NordPass report shows that “admin” now ranks as the most frequently used password across the United Kingdom. It took the position from last year’s leader “Password,” which has dropped to third place this year. The second most popular password is ‘123456’ – this also stands as the world’s most commonly used numeric sequence.
Various forms of “Password” occupy 5 entries in the top 20 most used passwords in the UK. Numeric strings take up another five positions on that same list. Sports-related terms like “football” and “Arsenal” have become less popular in other countries, where swear words now appear more frequently. This particular trend has not yet reached British shores.
The complete top 20 list contains lots of easily guessable choices – including ‘12345678’, ‘12345’, ‘123456789’, ‘abc123’, ‘Password1’, ‘qwerty’, and ‘Liverpool1’.
Weak passwords don’t just put individuals at risk; they can have devastating consequences for large organizations as well. In a recent high-profile incident, a Hungarian government email breach exposed 795 credentials across 12 ministries, highlighting how poor password practices can compromise national security. Read the full story, Hungarian government Email breach exposes 795 credentials across 12 ministries.
Special Characters Do Little to Strengthen Weak Passwords
Compared to last year, the research revealed an increased utilization of special characters in passwords: the global sample of passwords (applicable worldwide) now includes 32 passwords that contain a special character, previously it was six. The most frequently used special character is “@”.
However, the mere act of including a special character does not necessarily result in increased password security. Those who use special characters in their passwords tend to replace letters with them. For example, ‘P@ssw0rd’, ‘Admin@123,’ and ‘Abcd@1234’ are all examples of passwords that the user substituted letters for special characters, but can still be cracked relatively easily with little effort.
Kaspersky published a troubling report stating that any password with eight characters or fewer could be broken in just seventeen seconds. This timeframe gives criminals virtually no obstacle when attempting to access protected accounts.
Passwords guard access to bank accounts, email inboxes, social media profiles, and private photo collections; a compromised password can expose all this sensitive information to criminals in seconds.
Password Burdens Finally Decreasing After Years of Growth
There’s finally some positive news from the NordPass research report. For the first time in nearly six years, people no longer have a heavy burden to bear, putting in multiple passwords over time. Per this research, in 2026, an average user will be using a total of 120 different personal passwords and 67 different work-related passwords.
It is pretty surprising how much of a decrease there has been since 2024, when people were using, on average, 168 personal passwords and 87 business-related passwords. Many users have grown weary of having to manage more and more passwords as time goes on.
Karolis Arbačiauskas, head of product at NordPass, stated that the data surprised his team, given the global growth in digital accounts. He suggested several possible explanations for the decline. More users now choose single sign-on options through major providers like Google, Apple, and Facebook.
The growing adoption of password alternatives also contributes to this trend. Passkeys, Apple Face ID, and WebAuthn provide more secure methods that do not require memorization. GCHQ recently urged all Britons to abandon traditional passwords in favor of these newer passkey technologies.
