With all major payment trends unequivocally pointing towards an increasingly digitalised future, it comes as no surprise that cybercrime and digital fraud are on the rise too. In fact, a whopping 80% of UK organisations experienced at least one successful cyberattack in 2019, while cybercrime was up 600% due to the Covid pandemic. 

When the numbers are this high, you really can’t afford to have any gaps in your security – including when setting those all-important account passwords. So, to help you improve your safety that little bit more, we’ve conducted a study revealing the most commonly hacked passwords worldwide.

The study

The issue: people tend to use easy-to-remember passwords across multiple accounts, exposing themselves to fraudsters. The solution: improving your security by avoiding the most hacked passwords in the world. 

Analysing NCSC data on over 100,000 breached passwords, we were able to categorise the top hacked passwords into over 30 categories, from sports to star signs. By seeing which category had the most breached passwords, the study can reveal the password subjects you should avoid as a whole to stay secure online.

The top 20 most commonly hacked password categories according to data 

With the ever-increasing popularity of ecommerce and our collective shift to digitalisation, breaches are getting bigger, and the need for tools such as 3D Secure authentication is stronger. But you, too, as a business owner, can take some steps towards enhanced security – such as avoiding simple passwords, especially when they belong to the most commonly guessable categories. (Not to mention, you should consider the below when setting up your personal passwords, too!) Here are the top 20 password categories to stay away from.

| Rank | Category | Total of breached passwords that include the top 20 words/phrases in that category* |
|---|---|---|
| 1 | Pet names/terms of endearment | 4,032 |
| 2 | Names | 3,913 |
| 3 | Animals | 2,112 |
| 4 | Emotions | 1,917 |
| 5 | Food | 1,662 |
| 6 | Colours | 1,450 |
| 7 | Swear words | 1,268 |
| 8 | Actions | 991 |
| 9 | Family Members | 723 |
| 10 | Car Brands | 606 |
| 11 | Cities | 505 |
| 12 | Brands | 477 |
| 13 | Countries | 463 |
| 14 | Sports | 457 |
| 15 | Religions | 341 |
| 16 | Hobbies | 314 |
| 17 | Weather | 313 |
| 18 | Drinks | 268 |
| 19 | Social media platforms | 253 |
| 20 | Star Signs | 204 |

*The score is calculated by using how many times the top 20 terms/words from each category were included in the most commonly breached passwords list.

Passwords including pet names and terms of endearment are the most commonly hacked category 

Out of all the categories studied, the top spot for the most commonly hacked passwords was those involving pet names/terms of endearment. The top 20 phrases in this category were included in 4,032 of the most frequently hacked passwords studied – with the top three pet names used in passwords around the world being ‘Love’ (1,492), ‘Baby’ (417) and ‘Angel’ (330). 

And while you might often use pet names to refer to your closest and dearest, it's probably not the best idea to use these popular words of endearment for your passwords. It makes it easy for hackers to guess and access your personal information, especially if you regularly use those pet names in the public domain and on social media.

‘Names’ and ‘Animals’ come in the top 3 most hacked password types, followed by ‘Emotions’, ‘Food’ and ‘Colours’

Names ranked as the second most commonly hacked password category, with the top 20 names being included in 3,913 breached passwords. The most frequently hacked names? ‘Sam’ (313), ‘Anna’ (300) and ‘Alex’ (240). 

Ranking closely behind in third were animals, with 2,112 hacked passwords which included the 20 most popular animals. You guessed it – passwords including ‘Dog’ (354) and ‘Cat’ (265) were the most frequently hacked in this category. Add to that the increase in pet ownership during the pandemic, and it comes as no surprise that these furry companions are a go-to choice for many people’s passwords.

Further down the list, in 12th place, we find brand names. Companies such as Apple (98), LinkedIn (36) and Google (29) were popular choices for some people’s passwords, while car brands, in particular, are often used – and often hacked. The top 20 motoring brands are featured in 606 of the breached passwords, including Ford (74), Honda (74) and Audi (43).

Meanwhile, in 20th place, among astrology lovers who chose to incorporate their star sign into their password, Leo (101) was the most commonly hacked, followed by Scorpio (30) and Gemini (25).

Easy to remember sequences of numbers and letters are among the most commonly hacked passwords, according to new data. 

Passwords with obvious sequences of numbers like ‘1234’ or letters like ‘qwerty’ (letters from the top row of the keyboard) were also among the world’s most frequently hacked passwords. These sequences are particularly easy to remember and transcend languages and cultures, making them an incredibly popular password choice worldwide. Easy to guess and requiring no personal knowledge, these ones present a huge risk to your online security when selected.

According to the NCSC list, the five most commonly hacked passwords, by number of users, are:

  1. 123456 (23.2 million users)
  2. 123456789 (7.7 million users)
  3. Qwerty (3.8 million users)
  4. Password (3.6 million users)
  5. 1111111 (3.1 million users)

Passwords with a combination of characters, numbers, and symbols are less likely to be hacked as they are harder to guess. To keep your password more secure, we recommend you use a random combination that is memorable only to you.

 

Naveed Islam, Chief Information Security Officer at Dojo commented:
“Passwords are the digital keys for just about everything on the Web, from checking emails to online banking.  The surge in online services has resulted in a proliferation of password usage. This has resulted in password fatigue - the feeling experienced by many people who are required to remember an excessive number of passwords as part of their daily routine. To cope with password fatigue, people reuse the same password across multiple websites, using simple and predictable password creation strategies. Attackers exploit these well-known coping strategies, leaving individuals vulnerable.

Using a password manager to create unique passwords and using multi-factor authentication (MFA) across all websites are some of the recommended ways to improve password security and make it difficult for attackers to steal your passwords and access your data.

Frequently check a breach notification site to see if any of your passwords have been leaked in any data breaches. If it has, change your password for that account immediately.”

10 expert tips on how to create a strong and unique password

In need of an improved password? We’ve put together our top ten tips on the most important do’s and don’ts when creating a more secure password.

Do’s:

  • Use a mix of special characters, numbers and capital letters. Including a range of upper and lower-case letters, as well as numbers and symbols (such as $ £ !), makes passwords more secure and harder to hack.
  • Aim for a long password with a minimum of 8-12 characters. The longer the password, the better. Longer passwords require more time to work out combinations and hackers looking for a quick win may be deterred.
  • Use multi-factor authentication. Two-factor authentication requires hackers to get through two layers of security checks before they can get onto your account.  
  • Use a password manager. When creating multiple unique passwords, it can be tricky to remember them all. Instead of writing passwords down or on your phone’s notes, there are many apps and websites where you can safely store these passwords instead. 
  • Change your passwords regularly. Changing your passwords often reduces the risk of your accounts being compromised.

Don’ts:

  • Don’t use personal information in your passwords. Stay away from using any type of personal information in your passwords, such as a name, date of birth, or your pet’s name. This information can easily be discovered by hackers from social media profiles or even public conversations.
  • Don’t use obvious sequences of letters or numbers. Avoid using numbers and letters in common sequences such as 1234 or qwerty. These generic formats and memorable keyboard paths are the first to be guessed by hackers.
  • Don’t tell anyone your password. Keep your passwords to yourself. If you were to share a password, make sure to change it soon after. 
  • Don’t automatically save passwords to your browser. It may be very convenient, but allowing your browser to save passwords risks your details being viewed by other people that use your devices. 
  • Don’t use the same password across multiple accounts. It’s important not to reuse passwords. If one account were hacked, other accounts using the same password could be breached as well. 
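The checks in the lists above that can be automated, sketched as a screening function for a sign-up or password-change form. This is an added example, not Dojo's code; the 12-character minimum, the run length of 4, the three-character-class rule and the short term list are assumptions chosen for illustration.

```python
import string

# The five passwords the article lists as most commonly breached.
TOP_FIVE = {"123456", "123456789", "qwerty", "password", "1111111"}
# A few category terms named in the article; a real deployment would load a full list.
COMMON_TERMS = ["love", "baby", "angel", "sam", "anna", "alex", "dog", "cat"]
# Strings whose consecutive characters count as an "obvious sequence".
SEQUENCE_SOURCES = [string.digits, string.ascii_lowercase,
                    "qwertyuiop", "asdfghjkl", "zxcvbnm"]
MIN_LENGTH = 12  # assumption: upper end of the article's 8-12 guidance

def has_sequence(pw, run=4):
    """True if pw holds `run` characters in sequence (either direction) or repeated."""
    low = pw.lower()
    for i in range(len(low) - run + 1):
        chunk = low[i:i + run]
        if len(set(chunk)) == 1:          # e.g. "1111"
            return True
        for src in SEQUENCE_SOURCES:      # e.g. "1234", "4321", "qwer"
            if chunk in src or chunk in src[::-1]:
                return True
    return False

def screen_password(pw, personal_terms=()):
    """Return the reasons pw fails the do's and don'ts (empty list = pass)."""
    low = pw.lower()
    reasons = []
    if low in TOP_FIVE:
        reasons.append("top breached password")
    if len(pw) < MIN_LENGTH:
        reasons.append("too short")
    if has_sequence(pw):
        reasons.append("obvious sequence")
    if any(t in low for t in COMMON_TERMS):
        reasons.append("common term")
    if any(t.lower() in low for t in personal_terms if t):
        reasons.append("personal information")
    classes = [any(c.islower() for c in pw), any(c.isupper() for c in pw),
               any(c.isdigit() for c in pw), any(not c.isalnum() for c in pw)]
    if sum(classes) < 3:
        reasons.append("too few character classes")
    return reasons
```

Pass the user's own name, pet's name or date of birth as `personal_terms` so the check covers the first "don't" as well as the published word lists.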

While personal security is incredibly important, when it comes to your business – the stakes are even higher. This is why ensuring that all your business accounts are secured with tough-to-breach passwords is crucial. 

But it’s not just about the passwords – when you opt for a Dojo card machine like the sleek Dojo Go, you also opt for the highest standard of point-to-point encryption, making PCI compliance easier than ever – so that you can protect both customer data and your own income. Thanks to integrated payments, you can also enjoy seamless cloud-based software that links your card machine to your EPOS system for smoother transactions.

Methodology
Dojo analysed NCSC data on the top 100,000 passwords that have been compromised in a data breach, to discover the most commonly hacked passwords from HaveIBeenPwned.com. These passwords were then separated into categories such as cities, football teams, pets, colours etc. The top 20 most used words/phrases from each category were added to give a total. These were then compared to find the most commonly hacked password categories.
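
The scoring described in the methodology, as an added example that is not Dojo's own code. It assumes case-insensitive substring matching, which the article does not specify; the password sample is constructed and the term lists hold only a few of the terms named above.

```python
from collections import Counter

# Constructed sample standing in for the breached-password list.
BREACHED = ["iloveyou", "love123", "lovely", "babygirl", "angel1", "samsung",
            "sam2019", "anna", "alexander", "hotdog", "catherine", "blackcat",
            "123456"]

# Category -> candidate terms (a few of the terms the article names).
CATEGORIES = {
    "Pet names/terms of endearment": ["love", "baby", "angel"],
    "Names": ["sam", "anna", "alex"],
    "Animals": ["dog", "cat"],
}

def term_counts(passwords, terms):
    """Count, per term, how many passwords contain it (case-insensitive)."""
    counts = Counter()
    for pw in passwords:
        low = pw.lower()
        for term in terms:
            if term in low:
                counts[term] += 1
    return counts

def category_scores(passwords, categories, top_n=20):
    """Score each category as the sum of its top_n term counts, highest first."""
    scores = {}
    for name, terms in categories.items():
        top = term_counts(passwords, terms).most_common(top_n)
        scores[name] = sum(n for _, n in top)
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)

def strict_hits(passwords, term):
    """Stricter match: the term starts the password and no letters follow it."""
    hits = []
    for pw in passwords:
        low = pw.lower()
        if low.startswith(term) and not any(c.isalpha() for c in low[len(term):]):
            hits.append(pw)
    return hits

if __name__ == "__main__":
    for name, score in category_scores(BREACHED, CATEGORIES):
        print(f"{score:>3}  {name}")
    print("strict 'sam':", strict_hits(BREACHED, "sam"))
```

With substring matching, "samsung" counts towards Names and "catherine" towards Animals, so short terms such as "sam", "cat" or "leo" inflate their category totals; the stricter matcher shows how far a total can move with the matching rule.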