The 20 Most Used Passwords, And Why They Don’t Work

  • admin
  • February 18, 2026
  • 10:53 am
  • 0 comments
Weak passwords like “admin” and “123456” remain extremely common and are one of the easiest ways for cyber attackers to gain access to business systems. Using longer, unique passwords along with tools like password managers and multi-factor authentication can significantly reduce the risk of data breaches and financial loss.
Contents

The 20 Most Used Passwords, And Why They Don’t Work

Passwords are one of those things we all rely on every day, but rarely give much thought to. They protect your emails, your accounts, your systems and your business as a whole. Yet despite this, most people still use passwords that are shockingly easy to guess.

At Edmondson's, we see this all the time. Weak passwords are one of the most common entry points for cyber-attackers, yet they’re one of the simplest problems to fix.

So let’s look at some of the most common passwords people use, why they don’t work, and what you should be using instead.

The Most Common Passwords

Every year, security researchers release lists of the most used passwords worldwide. While the exact rankings change, the same names appear again and again.

The 20 most used passwords in the UK last year (2025) were:

  1. admin (used 99,916 times)
  2. 123456 (used 63,698 times)
  3. password (used 58,355 times)
  4. 12345678 (used 22,025 times)
  5. 123456789 (used 18,733 times)
  6. Password1 (used 17,094 times)
  7. Password (used 15,057 times)
  8. 12345 (used 12,555 times)
  9. Lennon11 (used 9,214 times)
  10. 1234567890 (used 8,150 times)
  11. Password123 (used 7,773 times)
  12. Fortnite21 (used 7,669 times)
  13. password1 (used 7,180 times)
  14. qwerty123 (used 7,146 times)
  15. qwerty (used 6,970 times)
  16. 123qwe (used 6,801 times)
  17. abc123 (used 6,633 times)
  18. Strongman12 (used 6,607 times)
  19. daday123 (used 6,429 times)
  20. Liverpool1 (used 5,897 times)

(Data from NordPass 2025 Report)

These passwords are popular because they’re easy to remember. Unfortunately, they’re also easy to guess. Modern hacking tools can test millions of passwords per second, and these common choices can be cracked almost instantly.

If your password appears in the list above or is very similar to any of these, we’d recommend changing it straight away.

Why Weak Passwords Are Such a Big Risk

Many people assume hackers target big corporations, not small businesses. In reality, small and medium-sized businesses are often easier targets because security’s usually less strict.

A weak password can lead to:

  • Access to email accounts, which can then be used for phishing
  • Access to cloud systems like Microsoft 365 or Google Workspace
  • Stolen customer data
  • Financial fraud through invoice scams
  • Complete system lockouts through ransomware

Once someone gets into one account, they often move sideways through your systems. If staff reuse the same password everywhere, one breach can quickly turn into several.

What Makes a Good Password?

A strong password should be:

  • Long - At least 12 characters
  • Unique - Never reused across systems
  • Hard to Guess - Not based on personal info
  • Random - No real words or patterns

Longer passwords are far more secure than short complex ones, because they take much longer to crack.

Safer Alternatives That Actually Work

The problem with strong passwords is that people struggle to remember them. That’s where these tools can help:

Use a Password Manager
Password managers like Bitwarden, 1Password or LastPass generate and store strong passwords for you. You only need to remember one master password, and the rest are handled securely.

Enable Multi-Factor Authentication
This adds an extra step like a code on your phone or a fingerprint. Even if someone steals your password, they still cannot log in without the second factor.

Use Passphrases Instead of Single Words
A sentence is easier to remember and far more secure than a single word with a number on the end.

Never Reuse Passwords
This is one of the biggest mistakes people make. Every system should have its own unique password.

The Business Impact of Poor Password Habits

From an IT support perspective, password issues cause more problems than almost anything else. We regularly see:

  • Shared passwords across teams
  • Old staff accounts still active
  • Passwords written on sticky notes
  • The same login used for email, CRM and remote access

These habits might feel convenient, but they massively increase risk. One compromised account can easily lead to downtime, data loss and serious reputational damage.

At Edmondson's, one of the first things we review during an IT health check is password policy. Simple changes can dramatically reduce your exposure to cyber threats.

If you’re not sure how secure your systems really are, Edmondson's can help review your setup and put better protections in place before problems arise.

The Rise of AI-Powered Cyber Attacks, What You Need to Know
A rise in AI-powered cyber attacks is making threats faster and more convincing, increasing the risk for businesses of all sizes. By strengthening core security measures such as strong passwords, regular updates and staff awareness, businesses can better protect themselves against these evolving threats.
READ BLOG
Data Protection in 2026, What’s Changing for Businesses?
Data protection in 2026 is becoming more focused on accountability, stronger enforcement and higher expectations around security, meaning businesses must actively demonstrate how they protect data. By improving systems, training staff and reviewing processes, businesses can stay compliant while reducing the risk of costly breaches and disruption.
READ BLOG
10 Biggest Tech Failures That Cost Businesses a Fortune
Real life tech failures, from outages to data breaches, show how small mistakes like poor testing, outdated systems or weak security can quickly lead to major financial and operational damage. By taking a proactive approach with updates, backups and proper planning, businesses can significantly reduce the risk of costly disruptions.
READ BLOG

about us

our policies

contact us

Google Reviews

2 Hour Response Window

FREE IT Health Check

Price Match Guarantee

Rated Excellent On Trustpilot

© Edmondson's IT Services | Co. Reg. No: 07818717 | VAT Reg. No: GB122507059