Latest News

123456 is still the most commonly used password in the UK in 2020

Despite warnings, providers toughening up and widespread coverage on the issue, 123456 remains the most commonly used email password in the United Kingdom.

This was uncovered in the most recent password analysis of Scattered Secrets, a platform where people can check whether their password has ever been leaked and hacked. The data for the analysis was requested by Dutch IT service provider Competa IT and Dutch-Tech Magazine.

Currently, there are 4.58 billion leaked email-account passwords in the Scattered Secrets database. At least 78.4 million of these have a .uk-address.

123456 on top, football-related passwords also popular

UK residents, it seems, do not seem to pay much attention to security when it comes to their email-accounts – while ‘123456’ is the most commonly used password, the top 10 most used passwords in the UK in 2020 features a similarly insecure roll-call, with “password” and “liverpool” respectively taking places 2 and 3.

It’s remarkable that a lot of passwords in the British top 25 list of most common passwords in the UK seem to relate to football. Besides ‘liverpool’ (3rd place) and ‘liverpool1’ (11th place), other footie fans want to commemorate their teams – with ‘arsenal’ (14th place), ‘chelsea’ (15th place) and ‘rangers’ (25th place) – not to mention the ultimate ‘football’ itself, which comes in at 20th place.

Growing number of websites that are more secure

Rickey Gevers and Jeroen van Beek, cybersecurity experts and founders of Scattered Secrets, say that they are observing sites enforcing better password protection:

“We have seen over the past two years that more sites are making their passwords more secure – by using stronger so-called password hashes (encryption). This way, a hacker can try fewer (possible) passwords per second.’’

While this brings hope, however the duo say there is still much work to be done:

“The bulk of data we see contains a lot of mediocre passwords that we can hack quickly.” And sites are still being hacked, so a lot of sites still don’t really have it right.”