Passwords you should never use as millions are urged to change ‘weak’ phrases

MILLIONS of people are being urged to rethink their online security after experts revealed the full list of passwords you should never use.

Weak, lazy, and predictable passwords are putting countless accounts at risk, and cybersecurity researchers warn the time to change them is now.

A major analysis by the team at Cybernews, who combed through 19 billion leaked passwords, uncovered the worst offenders — phrases and numbers so common that hackers can guess them in seconds.

Neringa Macijauskaitė, an information security expert at Cybernews, said: “we’re facing a widespread epidemic of weak password reuse.”

At the top of the danger list is the classic “123456” — a password so lazy it’s practically handing over the keys.

Other shockingly common choices include “123456789,” “password,” “qwerty,” and “111111.”

These simple strings are often the first combinations hackers try when launching attacks.

But it’s not just numbers and default words causing problems.

Names are another major weak spot.

Cybernews found that around 8 per cent of passwords included popular names, making them an easy target.

For example, “Ana” appeared in 179 million leaked passwords, while pop culture names like “Mario” (9.6 million), “Batman” (3.9 million), “Thor” (6.2 million), “Joker” (3.1 million), and “Elsa” (2.9 million) were shockingly common.

Curse words are also widely used and appear in hacker wordlists.

Among the leaked data, researchers found millions of passwords containing terms like “ass” (165 million), “fk” (16 million), “st” (6.5 million), “dick” (3.2 million), and “b***h” (3.2 million).

Food names, football teams, and locations are equally risky.

They may feel personal and easy to remember, but they’re exactly the kind of terms attackers are primed to exploit.

Another massive problem is password reuse.

The average person now manages roughly 100 passwords across around 200 online accounts, according to anti-virus company NordPass.

Using the same password across multiple sites increases the chances of a domino effect, where one data breach can compromise all your accounts.

“If you reuse passwords across multiple platforms, a breach in one system can compromise the security of other accounts,” Macijauskaitė warned.

Individuals must take immediate action to strengthen their online security.

Users are strongly advised to stop relying on lazy, weak, or predictable passwords and instead create strong, unique passwords for each of their accounts.

Additionally, enabling two-factor authentication wherever available is an important extra layer of protection that significantly reduces the risk of unauthorised access.

For those who struggle to manage multiple complex passwords, the use of a reputable password manager is highly recommended.

Such tools can securely store and generate unique passwords, helping users maintain robust security across all platforms without the burden of memorising each one.

Taking these steps is essential to safeguarding personal and financial information in today’s increasingly digital world.

2