A padlock on a computer keyboard

The passwords hackers can crack in seconds

Laura Bond
Authored by Laura Bond
Posted: Thursday, May 21st, 2026

If your password is still “123456”, “Liverpool” or even your own first name, cybersecurity experts say you could be making life dangerously easy for hackers.

New research has revealed the world’s most commonly used passwords — and many of them are astonishingly simple. The study found millions of people are still relying on predictable combinations, favourite football teams, pop culture references and everyday words to protect their online accounts.

According to the analysis of more than 1.3 billion passwords exposed in data breaches, “123456” remains the most used password globally, appearing almost 210 million times.

Other commonly used passwords include “password”, “admin”, “qwerty” and various number sequences such as “123456789”. Cybersecurity specialists warn these are among the first passwords criminals try when attempting to break into accounts.

The research also revealed people frequently use personal interests and familiar names in their passwords.

“Daniel” was found to be the most commonly used first name in passwords, while “football” topped the sports category.

Football fans may also be surprised to discover their loyalty could be putting their accounts at risk. “Liverpool” was the most commonly used football team password, followed by Barcelona, Juventus, Chelsea and Arsenal.

Meanwhile, fictional characters including Superman, Batman and Naruto also ranked highly, alongside animal names such as “dragon” and “monkey”.

Experts say the issue is not simply that these passwords are easy to remember — it is that hackers already know people use them.

Richard Rubenstein, CEO of Email Audit Engine, said criminals often use huge databases of previously leaked passwords to test accounts automatically.

He said: “The problem with passwords like ‘123456’ is that hackers don’t need to guess them. They already appear in breach lists, and those lists are often used to test whether the same passwords work on other accounts.”

He added that many people still create passwords based on things connected to their identity, such as birthdays, pets, favourite sports teams or fictional characters — all of which can often be discovered through social media profiles and public information.

Cybersecurity experts recommend using long, unique passwords for every account, ideally generated through a password manager. They also advise enabling multi-factor authentication, which adds an extra layer of security even if a password is stolen.

The findings were based on data from the Have I Been Pwned database, which tracks passwords exposed in data breaches around the world.

Share this

Tags

passwords
computers
hackers
cyber security