Government Reveals Millions Use Easy-to-Hack Passwords

The most hacked passwords have been revealed by the National Cyber Security Centre as gaps are exposed in the UK's online security.

Millions of people are using easy-to-guess passwords on sensitive accounts.

The analysis by the UK's National Cyber Security Centre (NCSC) – a part of GCHQ – is designed to assess and improve the cyber awareness of the public and understand how their actions can leave them in danger of being exploited.

The NCSC said people should string three random but memorable words together to use as a strong password.

People who use well-known words or names for a password put themselves people at risk of being hacked, said Dr Ian Levy, technical director of the NCSC.

"Nobody should protect sensitive data with something that can be guessed, like their first name, local football team or favourite band," he said.

The NCSC has also today published separate analysis of the 100,000 most commonly re-occurring passwords that have been accessed by third parties in global cyber breaches. An except from this is included below:

NCSC Advice

Choosing a good password is hard.

Throughout our blogs and guidance, the NCSC have said how important it is to change your password policies (if necessary) to make it easier for users to choose 'good' ones.

This includes using password blacklists (that is, making sure your users can't choose any passwords commonly found in data breaches), something that the National Institute of Standards and Technology (NIST) also recommend.

Today, in collaboration with Troy Hunt, we're releasing a file containing the top 100,000 passwords from his Have I Been Pwned data set.

If you see a password that you use in this list you should change it immediately.

This blog explains why you should do this, and answers some common questions about password blacklists.

If you want to see the full list of most commonly used passwords, you can do so here: PwnedPasswordTop100k.txt

For all media enquiries, please contact the SecuriGroup Communications team at

About Us

SecuriGroup is rated within the top 1% of approved UK security companies by our Home Office regulator, the Security Industry Authority.

Strengthening the society in which we live, and an Investors in People Gold organisation, SecuriGroup provides innovative and expert solutions to our clients’ security needs. A two-time winner of ACS Champion of the Year, our security management approach shapes the future of the industry by combining physical, electronic, and cyber security to augment our service delivery. 

SecuriGroup Head Office

Our Divisions

Link to SecuriGroup Website
Link to SGL Website
Link to Blueprint Training Website

Useful Links

Connect With Us

We're on Social Networks. Follow us & get in touch!

Stay up to date with our latest company news



Investors in People

© 2022 SecuriGroup Ltd

PSA: 05086