After Google warned its 2.5 billion users to change their login details after attackers began targeting Gmail accounts, password safety is being spoken about again. This is especially appropriate given it is Cyber Security Awareness Month.
New findings from Uswitch Broadband show that people are still making easy mistakes. Almost 25% of common passwords in the UK are made up of numbers only, while 49% use letters alone. Patterns such as “qwerty” and everyday words like “football” or “monkey” are still common choices. These shortcuts make it easy for hackers to gain access.
The search term “what makes a strong password” has jumped 133% over the past year, showing that people are trying to do better. Yet the bad habits are still there. Uswitch found that “123456” tops the list as the most hacked password, found in more than 132 million data breaches.
Which Passwords Are Putting People Most At Risk?
The Uswitch Broadband research ranks the weakest passwords used in 2025. At number one is “123456,” followed closely by “123456789” and “admin.” Many of these passwords appear in millions of leaked databases. Even versions that use capital letters or symbols, such as “P@ssw0rd” or “Qwerty123!”, can be cracked in under 2 seconds.
Passwords made up of numbers only make up nearly 25% of the top 200 used across the UK. On average, these have been hacked more than 8 million times each. About 14% use common names such as “Daniel,” “Michael,” or “Ashley.” These are easy to guess, often taken from details people post on social media.
Very few people use special characters. Only 3.7% of the top 200 passwords contain them. Even then, most are still weak. One of the few stronger passwords found was “G_czechout,” which has only appeared 1,200 times in leaks and would take a computer about 4 hours to crack.
Uswitch Broadband’s Max Beckett shared a few reminders for users. He said every account should have its own password. Using a password manager can help store them safely. The National Cyber Security Centre advises people to create passwords using three random words. Beckett also recommends turning on two-factor authentication for another layer of safety.
More from Cybersecurity
- Living Security Unveils HRMCon 2025 Speakers As Report Finds Firms Detect Just 19% of Human Risk
- Two Thirds Of Organisations Concerned About Identity Attacks Yet Major Blind Spots Persist
- 7 Tips To Train Your Employees on Phishing Attacks
- Check Point Acquires Lakera To Build End-To-End AI Security Stack
- These Are Some Interesting Innovations That Have Come From Women In Cyber
- How Top Threat Intelligence Platforms Strengthen Your Cybersecurity Strategy
- Ways Small DeFi Projects Can Improve Their Cybersecurity
- INE Named in Training Industry’s 2025 Top 20 Online Learning Library List
How Does Weak Security Feed Into Global Cybercrime?
The World Economic Forum’s Global Cybersecurity Outlook 2025 shows that online attacks have more than doubled over 4 years. The average number per organisation went from 818 each week in 2021 to 1,984 in 2025.
Stolen login details are one of the simplest ways for hackers to break into accounts. Many now use AI to make their attacks faster and harder to spot. Anthropic, the maker of the Claude chatbot, said its AI tools were misused to create malicious code that affected at least 17 organisations and even helped hackers decide on ransom amounts.
Groups such as Scattered Spider have become well known for targeting the retail staff at companies like Marks & Spencer, Whole Foods and Allianz. They impersonate workers or contractors to get access to internal systems. Ivan John Uy, the former ICT Secretary in the Philippines, told the World Economic Forum that cybersecurity “is a life skill,” because at this rate, everyone has to take part in keeping systems safe.
What Are Governments And Companies Doing About It?
Governments have started tightening online security laws. The UK plans to ban ransomware payments in the public sector, while the European Union is enforcing new digital safety laws this year. Both aim to stop hackers profiting from attacks.
Big companies are also trying to do something about it, for example, OpenAI signed a $200 million contract with the US Department of Defense to strengthen cyber defence through AI. Microsoft is giving free cybersecurity services to European governments after a surge in online breaches.
Even so, smaller companies are still at a higher risk. The World Economic Forum said 7 times more small businesses reported weak cyber protection this year compared to 2022. Only 14% of organisations say they have the right staff for proper defence.
The easiest protection begins with stronger passwords and another form of verification. Every account should have a password that is different, long and unpredictable. Two-factor authentication makes it far harder for hackers to gain access.
