The Most Hacked Passwords Revealed (New 2022)

Published on May 10th, 2022|Last updated on February 29th, 2024

Do you think your passwords are secure? 

We all hear lots about passwords, and keeping yourself safe online, but how safe are you really? 

The National Cyber Security Centre revealed that ‘42% of Brits expect to lose money to online fraud’, so if we’re expecting it, why aren’t we doing anything about it?

With cybercrime up 600% over the pandemic, and with this trend not showing any signs of slowing down, it’s important that we help you to make your passwords more secure. Our experts have gathered the most hacked passwords into this handy list so that you know what to avoid!

What are the most hacked passwords?

The most hacked passwords are those with sequences & numbers, pet names & terms of endearment (such as ‘baby’, ‘love’ and ‘angel’) or your own names (or those of close family).

The full list of the most common password types are as follows:

  1. Numerical/pattern
  2. Pet names/terms of endearment
  3. Names
  4. Animals
  5. Emotions
  6. Food
  7. Colour
  8. Swear words
  9. Actions
  10. Family members
  11. Car brands
  12. Cities
  13. Brands
  14. Countries
  15. Sports
  16. Religions
  17. Hobbies
  18. Weather
  19. Drinks
  20. Social media platforms

In addition to this, Cybernews list the top 10 most common passwords as:

  1. 123456
  2. 123456789
  3. qwerty
  4. password
  5. 12345
  6. qwerty123
  7. 1q2w3e
  8. 12345678
  9. 111111
  10. 1234567890

If you’re panicking because you’ve seen your password on this list (or anything similar), then it’s probably time for a change. Before we talk about how to generate a strong password, it’s important that you understand how passwords usually get hacked.

How does a password get hacked?

There are a frightening array of ways that passwords get cracked every single day. There’s several tactics that cyber criminals have in their repertoire, and there’s big money to be made by hacking and stealing passwords.

Bought off the dark web

Have you used the same password for years? Chances are it’s out there for sale on the dark web.

This is the easiest way for cyber criminals to gain access to your accounts. You can check if your email address or phone number has been compromised here

However, if you’ve been regularly changing your passwords, and have done everything you can to keep your passwords off of the aggregated black market, then a hacker will need to use another method to access your accounts. 

Brute force

A brute force attack is when a hacker uses a program to guess every possible combination until it hits yours, hence the name!

This tech is, unfortunately, coming along rather quickly, with powerful machines being created that can crack any 8-character Windows password in less than six hours.

Anything under 12 characters is at risk, so keep your passwords lengthy!

Dictionary attack

While this isn’t someone coming after you with a book raised above their head, it is a cyber attack that directly uses a dictionary.

A dictionary attack uses a list of words, and is designed to intelligently test and push through all the possible words you may have used in your password. 

The only way to avoid this is to use extremely uncommon words, or to use multiple word phrases such as StrawberryTennisShoeRed, which is difficult for a dictionary attack to predict.


We’re all familiar with the ever-present threat of phishing now, and many of us have been targeted with, and may have been the victims of, these malicious scams. 

Phishing is where cyber criminals try to trick, intimidate or pressure you into giving up your password, or accidently providing access to your accounts.

Many of these come in the form of an email or phone call claiming to be a company you trust, or a person you know. These then link to fake websites which are designed for you to enter your password. Once you do this, they have access to any of your accounts that use that password. 

How to create a secure password

Now that we know how passwords are usually stolen, it’s time to look at how you can proactively protect yourself by creating the best possible passwords.

Features of a great password

In order to write a great password, you should ensure that:

  • Every password you use is unique, never use the same one twice.
  • It doesn’t link to anything in your life (personal info, pets, date of birth, etc.).
  • It uses multiple uncommon words & phrases.
  • It might use numbers and symbols, but these aren’t necessarily essential.

The two best methods for creating a great password

1. The ‘revised passphrase’ method

Your passphrase should use wildly uncommon words that are of little relation to your life. You may even want to include words in other languages:


A hacker may guess the first word, but they’ll never guess the rest, as it’s essentially nonsense. Try to make this as memorable for you as possible by creating a story with your password if possible. You can also add in random symbols and numbers to crank up the difficulty. 

2. ‘The sentence method’

Also known as the ‘Bruce Schneier method’, is where you think of a random sentence and transform it into a password.

However, you need to come up with a rule, such as you only take the first and last letter of the word, or you use the first two letters of a word. Take the sentence Everybody loves McDonald’s, let’s be honest.

If you took the first and last letter of every word, you’d end up with: EylsMslsbeht. Absolute gibberish to anyone else, but it has meaning to you. You’ll want to make the sentence you use as memorable, but unguessable, as possible.

Stay cyber secure with Nebula

Choosing a great password is only the first step towards securing your cyber security, especially if you’re looking to keep a business protected. 

If you need cyber security advice, or you’ve got any questions about passwords that you need answering, don’t hesitate to get in touch with our cyber security specialists here at Nebula.

We’re here to talk you through any concerns you might have, and to help keep your data safe from cyber criminals.