How Weak is Your Password?


Weak and common passwords pose significant security risks, especially as more of us live our lives online. But are you aware of how weak your passwords are? In this article, we discuss what a weak password is, list some of the most common passwords in the UK and explain how to create stronger passwords. But, first things first, what is classed as a weak password?

Weak passwords are those that are easy for criminals to guess. Typically they will fall under one of the following categories:

  • Recognisable keystroke patterns, e.g. qwerty
  • Use of personal information, e.g. Jane99
  • Using the same password, but with minor changes, e.g. Jane99!
  • Repeated characters, e.g. 11111

Read on to learn more about weak passwords and to find out if your passwords are weak. We’ll also show you how to create strong passwords and take you through some additional security tips.

What is a Weak Password?

Weak passwords are those that are easily crackable by cyber criminals. They are typically made up of a combination of characters or words that are easy to guess. For example, your birthday, pet names, football teams or common words and phrases. 

Passwords are also considered weak when they are reused across multiple accounts – you should use different passwords for each and every account and keep track of them in a secure password management system. 

Some examples of weak passwords (and why they’re considered weak) include:

Password Example | Why it’s a Weak Password
QWERTY | Recognisable keystroke patterns
Jane99 | Using personal information – in this case, your name and birth year
Jane99, Jane1999, Jane99! | Passwords varied by small changes, e.g. changing the date from ‘99’ to ‘1999’ or adding an exclamation mark on the end
Admin, 12345 | Using the most commonly used passwords
11111 | Repeated characters

The Most Commonly Used Passwords

Above we discussed what makes a weak password, but now we’re going to show you the most common passwords in the UK.

  • 123456
  • 123456789
  • Qwerty
  • Password
  • 111111

Other commonly used passwords include names such as ‘ashley’, ‘michael’ and ‘daniel’, football teams like ‘liverpool’ and ‘chelsea’, musicians, and even fictional characters such as ‘superman’ and ‘batman’. 

How weak is your password? Is yours on this list? If it is, you might want to think about changing it to something more secure. Cyber criminals will be able to access your account in a heartbeat with such weak passwords.
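The check below is an added example, not code from NEBRC: it shows how a sign-up form could flag the weakness categories described above. The deny-list contains only the passwords and names quoted in this article, and the `personal` and `previous` inputs are assumed to come from the user's profile and password history.

```python
import re

# Deny-list built only from the passwords and names quoted in the article.
COMMON = {"123456", "123456789", "qwerty", "password", "111111", "admin",
          "12345", "ashley", "michael", "daniel", "liverpool", "chelsea",
          "superman", "batman"}
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
RUNS = ROWS + [r[::-1] for r in ROWS]   # also catch right-to-left walks


def _stem(pw):
    """Lower-case and drop trailing digits/symbols: Jane99! -> jane."""
    return re.sub(r"[\d\W_]+$", "", pw.lower())


def weak_reasons(password, personal=(), previous=()):
    """Return the article's weakness categories that apply to `password`."""
    pw = password.lower()
    reasons = []
    if pw in COMMON:
        reasons.append("common")
    # Any 4 consecutive characters that are adjacent keys on one row.
    if any(pw[i:i + 4] in run for i in range(len(pw) - 3) for run in RUNS):
        reasons.append("keystroke")
    if len(pw) > 1 and len(set(pw)) == 1:
        reasons.append("repeated")
    if any(len(p) >= 3 and p.lower() in pw for p in personal):
        reasons.append("personal")
    # Same stem as an earlier password means only the suffix was changed.
    stem = _stem(password)
    if stem and any(_stem(old) == stem for old in previous):
        reasons.append("variation")
    return reasons


if __name__ == "__main__":
    # Constructed sample input using the article's own examples.
    for candidate in ["qwerty", "11111", "Jane99!", "Admin", "cuplampbrush"]:
        print(candidate, weak_reasons(candidate, ["Jane"], ["Jane99"]))
```

An empty list means none of the article's categories matched, which is not the same as the password being strong.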

In the News: ‘Admin’ and ‘12345’ Banned as Passwords in the UK

In April 2024, a new law was introduced in the UK, banning some of the most common passwords, such as ‘Admin’, ‘12345’ and ‘Password’. The UK is the first country to introduce this law as part of the Product Security and Telecommunications Infrastructure (PSTI) regime – designed to improve the UK’s resilience against cyber attacks.

Under the new law, manufacturers of internet-connected devices will be required to implement minimum security standards. As well as covering default passwords, the law means that a user who suggests a common password will be prompted to change it when creating a new account.

This new law comes after an investigation by Which? found that a home filled with smart devices could be exposed to more than 12000 hacking attempts per week. This includes 2684 attempts to guess weak passwords per week.

How to Create a Strong Password

With this new law in mind, you might be wondering what makes a strong password. Here are our top three tips:

  1. Avoid using predictable and guessable passwords, such as names, dates and common passwords.
  2. Don’t reuse passwords across multiple accounts. Also avoid simply changing one or two characters to make it “unique”.
  3. Create a memorable, strong password by combining three random words. For example, cuplampbrush.

Learn more about password best practices in our blog, Safeguarding Your Business: How to Implement Safer Passwords.

Additional Tips for Keeping Your Accounts Secure

Some sites might ask for specific characters such as numbers, capitals and special characters, which makes using three random words more difficult. However, such characters can easily be incorporated into your three random words, e.g. Cup!lamp7bRush. 

This naturally makes passwords harder to remember, especially when you need unique passwords for each account, but the use of a secure password management tool can help you to keep track of everything. All you have to do is remember the master password.

In fact, when using a password manager, there’s no need to use three random words. It would be safer to use a random password generator and keep track of those passwords in the password manager. Another great tip here would be to use the random generator to create a really long master password for the password manager and keep that password stored separately on a USB stick. This makes it almost impossible to break into your password manager (and therefore other accounts) without breaking into your property to find the USB stick.

Another great way of keeping your accounts secure is to use two-factor authentication (2FA). Many companies allow you to set up 2FA, which involves you logging into your account as normal, before being presented with an additional layer of protection. This is most commonly a code sent to your mobile, which you then need to input to proceed.
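As an added example (not NEBRC's own code), the sketch below generates both kinds of password discussed here, three random words and a fully random string, using Python's `secrets` module, and estimates how much guessing work each one represents. The word list is a small constructed sample, and 7776 is used as an illustrative size for a full dice-style word list.

```python
import math
import secrets
import string

# Constructed sample list; a real generator needs thousands of words,
# because the strength comes from how many words could have been picked.
WORDS = ["cup", "lamp", "brush", "river", "candle", "pencil", "garden",
         "window", "bottle", "ladder", "marble", "pocket", "saddle",
         "tunnel", "violin", "walnut"]


def random_words(wordlist, count=3):
    """Pick `count` words independently with the OS CSPRNG."""
    return [secrets.choice(wordlist) for _ in range(count)]


def random_password(length=20,
                    alphabet=string.ascii_letters + string.digits
                    + string.punctuation):
    """Fully random password, as a password manager would generate."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(choices, picks):
    """Bits of guessing work when each pick is uniform over `choices`."""
    return picks * math.log2(choices)


if __name__ == "__main__":
    # The 16-word sample list gives only 12 bits; list size is what matters.
    print("".join(random_words(WORDS)), round(entropy_bits(len(WORDS), 3)))
    print("3 words from a 7776-word list:", round(entropy_bits(7776, 3), 1))
    print(random_password(), round(entropy_bits(94, 20), 1))
```

The figures only hold when the words or characters are chosen by the generator; words picked by a person are far more predictable than the calculation assumes.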

Even if someone managed to guess your password, 2FA means that they can’t get into your account. 

Stay Up to Date With NEBRC

For further guidance on effective password management, contact [email protected]. You can also stay up to date with the ever-changing digital landscape and security threats, by signing up for our free core membership.

The NEBRC is a police-led non-profit organisation that seeks to educate, inform, and support businesses across the UK on how to protect their business online through good cyber security practices.