5 Passwords Hackers Can Guess in Less Than a Second


When it comes to generating a strong password, a concerning number of people are uninformed or don’t act on the guidance that’s out there. Cyber security is vital for businesses, and it’s important for personal accounts too. In this post, we’re looking at the top five least-secure passwords and three easy tips on creating a strong password that you can implement to improve your cyber security.

What is a Secure Password?

Speaking at an RSA security conference in 2004, Bill Gates predicted the end of the password as we know it. He said: “There is no doubt that over time, people are going to rely less and less on passwords. People use the same password on different systems; they write them down, and they just don’t meet the challenge for anything you really want to secure.” Even now, almost twenty years later, his second statement still rings very true. The average person uses far more passwords than they could have even imagined in 2004, and yet the majority of people remain unaware of how to generate a strong password.

The Worst Passwords

In 2021, NordPass published the most common passwords of the year, and the outcome was a little bleak. In the UK, the passwords used most frequently over the last year were:
  • 123456
  • password
  • liverpool
  • password1
  • 123456789
All of these would take a hacker less than one second to crack. Combine that data with the fact that 52% of people use the same password for multiple accounts (and 13% use the same password for all of their accounts), and the issue becomes clear. But what is the best way to create a password?

Creating a Strong Password

  1. Choose secure passwords
A lot of the basic security guidance for creating a strong password may already be familiar to you – general advice typically includes not using any personal information (like your name, age, date of birth or kid’s name) and adding numbers or symbols. Creating a strong password of completely random characters with long strings of mixed-case letters, numbers and symbols is much harder for hackers to get past, but it will also be much more difficult for you to remember. In fact, the National Cyber Security Centre recommends something easier – the three-word method. What this means is to put together three completely random words, like WindowBottleBread or CanvasGreenOtter. Total nonsense, but this method makes your passwords longer and more random, as well as much easier to remember.
  2. Password managers
Whether at home or work, we believe everyone should have a password manager. Considering that the average person might have hundreds of online accounts, it’s not feasible to expect them to remember a different, complex password for each one. Even the three-word method is only good for one or two passwords before you get muddled in random words. Password managers are painfully underutilised, but they are key to having successful password security. Have a look online; you can often find basic packages for free. We recommend 1Password, which you can use individually, with your family or in your business. You can create a strong password, save it in your password manager, and that’s it sorted!
  3. Don’t expire your passwords
Technology has changed rapidly since the invention of the World Wide Web in 1989, and while password security hasn’t been quite as quick, it’s still very much moving on. People used to believe – and plenty still do – that the most secure password was never stagnant. As a result, many businesses enforced a password expiration programme, meaning that every 30, 60 or 90 days, every worker was forced to change their passwords to something new. This has since proven ineffective, as it doesn’t encourage people to create a strong password. Password expiration means people are more likely to choose easy-to-remember passwords and change them only minimally. For example, their passwords over three expiration periods may be password, password1 and password!. It technically meets the criteria, but it’s definitely not secure.  
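A check that a sign-up or password-change form could run to reject the five passwords listed above and the minimal variations from the expiration example (password, password1, password!). This is an added example, not code from the original post; the function names and the suffix-stripping rule are assumptions, and a real deployment would load a much larger breached-password list.

```python
import re
from typing import List, Optional

# The five most-used UK passwords quoted above (NordPass, 2021). A real
# deployment would load a far larger breached-password list (assumption).
COMMON = {"123456", "password", "liverpool", "password1", "123456789"}

ON_LIST = "on the common-password list"
DECORATED = "common password with digits or symbols appended"
MINIMAL_CHANGE = "same as the previous password apart from its suffix"


def stem(password: str) -> str:
    """Lowercase and drop trailing digits/symbols: 'Password1!' -> 'password'."""
    lowered = password.lower()
    stripped = re.sub(r"[^a-z]+$", "", lowered)
    return stripped or lowered  # all-digit passwords keep their full form


COMMON_STEMS = {stem(p) for p in COMMON}


def check_new_password(new: str, previous: Optional[str] = None) -> List[str]:
    """Return the reasons to reject `new`; an empty list means it passed.

    `previous` is the current password the user typed into the change form,
    so the comparison needs no stored plaintext.
    """
    reasons = []
    if new.lower() in COMMON:
        reasons.append(ON_LIST)
    elif stem(new) in COMMON_STEMS:
        reasons.append(DECORATED)
    if previous is not None and stem(new) == stem(previous):
        reasons.append(MINIMAL_CHANGE)
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs: (previous password, proposed new password).
    for old, new in [(None, "123456"), ("password1", "password!"),
                     ("CanvasGreenOtter1", "CanvasGreenOtter2"),
                     (None, "WindowBottleBread")]:
        print(f"{new!r}: {check_new_password(new, old) or 'accepted'}")
```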

Two-Factor Authentication

Okay, you’ve picked a perfectly secure password and stored it in your password manager. Of course, you could leave it at that, but with hackers becoming increasingly sophisticated, one thing to consider is two-factor authentication. This means that even if your password were compromised, a hacker still wouldn’t be able to access your accounts. You can even use two-factor authentication without a smartphone, ideal for business use. You can learn more about why two-factor authentication is important over on our blog.

So now you know what the best way to create a password is and how to generate a strong password. However, you should remain cautious of other tactics like phishing, smishing and pharming; opening your account to the wrong person, even accidentally, can make your very-secure password redundant. Learn how to spot a phishing email on our blog, or contact us today to arrange an independent security review of your business.
