Skip to main content

Study reveals most hacked passwords — avoid these categories

Lock on laptop keyboard
(Image credit: Snappa)

Passwords keep your online accounts clear of prying eyes, but all it takes is one low-level hacker to crack the code and reap the rewards you thought were once secure — especially if your password is based on this cybersecurity study's results.  

A study by payment service provider Dojo analyzed breached passwords around the globe to reveal the most hacked passwords, along with the most guessable categories threat actors commonly break through. TL;DR: stop using pet names and emotions to keep your online accounts secure. 

Based on breached passwords from the National Counterintelligence and Security Center (NCSC), the study (via BGR) revealed the top 20 most commonly hacked password categories that everyone should avoid, along with the number of breached passwords that include words or phrases in that category. The list is as follows:

  1. Pet names/terms of endearment — 4,032
  2. Names — 3,913
  3. Animals — 2,112
  4. Emotions — 1,917
  5. Food — 1,662 
  6. Colours — 1,450 
  7. Swear words — 1,268 
  8. Actions — 991 
  9. Family members — 723
  10. Car brands — 606
  11. Cities — 505
  12. Brands — 477
  13. Countries — 463
  14. Sports — 457 
  15. Religions — 341 
  16. Hobbies — 314
  17. Weather — 313
  18. Drinks — 268
  19. Social media platforms — 253 
  20. Star signs — 204 

Pet names and terms of endearment were the most commonly used passwords that threat actors hacked, with the study showing that "Love" (1,492), "Baby" (417) and "Angel" (330)  being the three top used passwords around the world. the names category also took the spotlight,  with the most frequently hacked names being "Sam" (313), "Anna" (300) and "Alex" (240). You'll also want to stay clear of using "Dog" (345) or "Cat" (265) in your passwords.

The NCSC data also showed the five most commonly hacked passwords on the internet, and you may be surprised by how many people still use them.

  • 123456 — 23.2 million users
  • 123456789 — 7.7 million users
  • Qwerty — 3.8 million users 
  • Password — 3.6 million users 
  • 1111111 — 3.1 million users

Large-scale hacks that can lead to fraud, identity theft, and ransom threats happen frequently, and it doesn't take much for a hacker to bypass simple passwords. Password managers are a great way to keep your credentials in order. They store all your unique passwords in a secure digital vault that can only be accessed by you, and they can generate strong, random passwords — better than the ones found in this study, anyway.

With Google finding success in pushing two-factor authentication, it's a good idea to set up 2FA. If you're wondering how to do 2FA right, we've got you covered. 

Darragh Murphy is fascinated by all things bizarre, which usually leads to assorted coverage varying from washing machines designed for AirPods to the mischievous world of cyberattacks. Whether it's connecting Scar from The Lion King to two-factor authentication or turning his love for gadgets into a fabricated rap battle from 8 Mile, he believes there’s always a quirky spin to be made. With a Master’s degree in Magazine Journalism from The University of Sheffield, along with short stints at Kerrang! and Exposed Magazine, Darragh started his career writing about the tech industry at Time Out Dubai and ShortList Dubai, covering everything from the latest iPhone models and Huawei laptops to massive Esports events in the Middle East. Now, he can be found proudly diving into gaming, gadgets, and letting readers know the joys of docking stations for Laptop Mag.