
The passwords you really need to stop using
Could your password be making life far too easy for hackers?
If your login is based on your favourite football club, pet, superhero or even your own name, cybersecurity experts say it could be time for a rethink.
New research has revealed that millions of people continue to use incredibly predictable passwords despite years of warnings about online security. And while they may be easy to remember, they are just as easy for cybercriminals to crack.
The analysis, carried out by insurance specialists Alan Boswell Group using leaked password data from the Have I Been Pwned database, highlights just how common weak passwords remain.
Perhaps unsurprisingly, the old favourite '123456' tops the list, appearing almost 210 million times in exposed password databases.
Other familiar choices include 'password', 'admin' and 'qwerty' – passwords so common that hackers often try them first when attempting to access online accounts.
Football fans beware
For football supporters, loyalty to your club could also be putting your accounts at risk.
Liverpool is the world's most commonly used football team password, appearing nearly 1.8 million times in leaked databases. It is followed by Barcelona, Juventus, Chelsea and Arsenal.
The word 'football' itself appears more than 2.6 million times, making it the most popular sporting password.
Superman beats Batman
Comic book fans aren't much better.
Superman is the most frequently used fictional character as a password, appearing more than 2.1 million times.
Batman, Spider-Man, Snoopy, Garfield and even SpongeBob also feature heavily among exposed passwords.
Even your own name isn't safe
Many people also rely on first names or birth years when creating passwords.
The name Daniel tops the list, followed by Michael, Jessica and Thomas.
Meanwhile, 2020 is the most commonly used year, ahead of 1990, 2021 and 2000.
Security experts say using birth years or memorable dates makes passwords significantly easier to guess.
Monkey business
Animal names are another popular choice.
The most common is Monkey, which appears almost four million times, followed by Butterfly, Chicken, Scorpion and Spider.
Elsewhere, people have chosen everything from Orange and Banana to Computer, Diamond and Money as passwords.
Why it matters
While these passwords may seem harmless, experts warn they often already exist in huge databases compiled from previous data breaches.
That means criminals don't necessarily have to "guess" them. Instead, automated software can test millions of leaked passwords across different websites within seconds, particularly where people reuse the same login across multiple accounts.
According to the latest UK Government Cyber Security Breaches Survey, 43% of UK businesses identified a cyber breach or attack during the past year.
For individuals, the consequences can include hacked email accounts, fraudulent online shopping purchases, stolen social media accounts or even access to online banking.
How to stay safer online
Cybersecurity experts recommend:
-
Never use obvious passwords such as "123456", "password" or your favourite football team.
-
Avoid names, birthdays and memorable dates.
-
Use a unique password for every account.
-
Turn on two-factor or multi-factor authentication wherever possible.
-
Consider using a password manager to generate and securely store complex passwords.
A few extra seconds creating a stronger password today could save hours—or even days—of stress if your accounts ever fall into the wrong hands.
Source: Analysis by Alan Boswell Group using password data from Have I Been Pwned. More information about cyber security and cyber insurance is available from Alan Boswell Group.













