With billions of stolen passwords now on the Dark Web, triple-check you're not using ANY of these words
Researchers have shared a UK-specific list of the most commonly used passwords
In the wake of one of the single largest databases of leaked passwords being shared on the Dark Web, there's never been a better time to double-check your online accounts to ensure they're safe from hackers. With an astounding 9,948,575,739 passwords available for anyone to read on Dark Web forums, experts believe the leak will trigger "a cascade of data breaches, financial frauds, and identity thefts".
To protect your online accounts, you can sign up for a service that automatically monitors Dark Web data leaks to ensure your information hasn't been shared by cyber criminals. Alternatively, you can triple-check that you're not using any of the passwords included in the leak, since hackers will be using this list in combination with leaked email addresses to attempt to break into accounts.
NordPass has published a list of the most commonly used passwords in the UK. We'd advise using this as a checklist for words to avoid with any of your passwords. It's important to use a different password for every online account, otherwise you could allow hackers to access everything when a single email address and password combination is leaked, like the recent haul published on the Dark Web.
The popular password manager, which generates unique alpha-numeric passwords and then stores them in an encrypted vault, shared the most commonly used passwords worldwide at the end of last year.
You'll only need to remember a single secure password, or use facial recognition or a fingerprint scan, to access the vault, with passwords then entered automatically into the webpage or app when you want to log in.
Password managers have become increasingly important as more of daily life moves online. With everything from watching television to paying council tax requiring an online account, Britons are now forced to remember dozens of passwords at a time.
Apple has responded to this shift by announcing its own password manager, which will be baked into its next iPhone, iPad, and Mac operating system, coming later this year.
According to the security experts at NordPass, all of the above passwords can be cracked in under 60 seconds. That's a worrying statistic given that these are the most commonly used passwords to protect Britons' online accounts.
To compile the list, NordPass researchers scoured a database of 4.3TB (that's a whopping 4,300,000MB) extracted from a number of high-profile password leaks on the Dark Web to find the passwords that people relied on more than any others.
NordPass only received statistical information from the researchers; there was no personal data included in the findings sent to the password management team.
According to their findings, people tend to rely on the weakest passwords for their streaming services, like Netflix, Disney+, and Prime Video, reserving their strongest passwords for online banking.
Commonly used passwords for streamers included the cringe-inducing "Netflix", "netflix123", "disney123", and "disney2020". While researchers found people typically reserved their best passwords for financial accounts, weaker options like "visavisa1" and "paypal123" still regularly crop up.
This is a pattern that comes up time and time again. NordPass found that different platforms influence password habits, with the fourth most common password used to secure accounts on Amazon being (surprise, surprise) "amazon".
It comes as a recent report from the Institution of Engineering and Technology (IET) concluded that 20% of the public were also using the same password for multiple websites and devices, with many using pet names or a significant date — all practices discouraged by cybersecurity experts.
This approach is despite 65% saying they are scared of being hacked in the future, and 84% saying they believe hackers are becoming more inventive.
The IET said it had published its research, which included a survey of 2,000 people aged 16 and over in the UK, to help raise awareness about the need for strong passwords.
The study highlighted what it said were misconceptions about password safety among the public: 38% of people believe that replacing letters with numbers makes a password more secure, and a further 45% think it makes passwords harder to guess, which the IET said is not the case.
In its study, only 20% correctly said that using three random words was a more secure form of password.
Password managers, like 1Password (pictured), can manage lengthy, unique alpha-numeric passwords for every online account and monitor the Dark Web for breaches and hacks
Dr Junade Ali, cybersecurity expert and IET fellow, said: “In our evolving online world, having strong passwords is more important than ever as hackers are targeting multiple accounts of victims due to weak and predictable passwords. The IET’s research shows that 65% of people think passwords should never be written down, and 77% think changing passwords frequently makes them more secure, despite expert advice recommending otherwise.
“If you use the same password for every website and the password is breached from one site, all sites can be compromised without the attacker needing to try any other passwords – this is known as credential stuffing. However, there are some easy and simple ways to strengthen your defences against cyber threats.”
So, what should you do? NordPass recommends creating a strong password with at least 20 characters and a mixture of upper- and lower-case characters, numbers, and special characters.
Personal information that could be easily guessed by those who know you – like birthdays, pet names, and hometowns – should be avoided. Always create a unique password for every online account, NordPass says.
If you're struggling to think of something, using the first letter from each word in a line of poetry, a saying, or a song lyric that you're unlikely to forget can be a great way to quickly generate what appears to be a completely random jumble of characters.
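The NordPass recommendations above and the IET's point about swapping letters for numbers can be turned into an automated check. This is an added example, not code from NordPass, the IET or the article; the function names are hypothetical, the deny-list is constructed from the passwords quoted in the article, and the character-swap table is an assumption.

```python
import string

# Constructed deny-list: only the passwords quoted in this article.
# Assumption: a real check would load a full breached-password list.
COMMON = {"password123", "netflix", "netflix123", "disney123",
          "disney2020", "visavisa1", "paypal123", "amazon"}

# Assumed table of popular character swaps, mapped back to letters.
SWAPS = str.maketrans("0134578@$!", "oieastbasi")

def normalise(text):
    """Lower-case and undo swaps, so 'N3tfl1x' and 'netflix' compare equal."""
    return text.lower().translate(SWAPS)

COMMON_NORMALISED = {normalise(p) for p in COMMON}

def check_password(password, service="", personal=()):
    """Return the failed checks as a list; an empty list means none failed."""
    problems = []
    if len(password) < 20:                       # NordPass: at least 20 characters
        problems.append("short")
    classes = (str.isupper, str.islower, str.isdigit,
               lambda c: c in string.punctuation)
    if not all(any(test(c) for c in password) for test in classes):
        problems.append("classes")               # needs upper, lower, digit, special
    norm = normalise(password)
    if norm in COMMON_NORMALISED:                # swaps do not hide a common password
        problems.append("common")
    svc = "".join(c for c in normalise(service) if c.isalnum())
    if svc and svc in norm:                      # e.g. "amazon" used on Amazon
        problems.append("service")
    if any(t and normalise(t) in norm for t in personal):
        problems.append("personal")              # pet names, birthdays, hometowns
    return problems

if __name__ == "__main__":
    # Constructed sample inputs.
    for pw, svc, who in [("N3tfl1x123", "Netflix", ()),
                         ("R3x-the-dog-2015-forever!", "", ("Rex",)),
                         ("Vq7#rT2m!xLp9@Zc4&Hy", "Netflix", ("Rex",))]:
        print(pw, "->", check_password(pw, svc, who) or "no problems found")
```

Because both the candidate and the deny-list are normalised before comparison, "N3tfl1x123" is rejected as the same password as "netflix123".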
Password managers are also a popular way of securing your online accounts. These applications generate secure passwords for every account, with these stored in an encrypted safe that can be accessed from any of your devices. To log in, most of these applications only require a quick biometric check – facial recognition on the iPhone or a fingerprint scan on Windows PCs and Android.
NordPass is one option available alongside the likes of LastPass and 1Password.
Google and Apple both offer built-in password managers with their most popular products, dubbed Google Password Manager and iCloud Keychain respectively, that generate and store passwords.
Online accounts are increasingly turning to passkeys as a way to let users sign in to apps and sites the same way they unlock their devices – using a fingerprint, a face, or an on-screen PIN.
Unlike passwords, passkeys are resistant to online attacks like phishing, making them more secure than one-time codes sent via SMS. Microsoft, Google, Apple and the FIDO Alliance are working together to bring passkeys to the web as an industry standard.
WhatsApp, the world's most popular messaging service, recently added support for passkey login on iPhone, following in the footsteps of Elon Musk's X, formerly Twitter, which enabled the feature earlier this year.
Although there are high hopes for passkeys, with Google even calling its rollout "the beginning of the end of the password", they're unlikely to eliminate old-fashioned passwords for some time.
For the time being, we're still stuck with passwords for a huge number of our online accounts. As such, it's time to ditch "password123" and think of something a little stronger.