The Independent's journalism is supported by our readers. When you purchase through links on our site, we may earn commission. 

The most common mistakes when making a password revealed

Making your password ‘superman12345’ may not have been the smartest idea

Sabrina Barr
Sunday 03 June 2018 14:58 BST
(Getty Images)

Support truly
independent journalism

Our mission is to deliver unbiased, fact-based reporting that holds power to account and exposes the truth.

Whether $5 or $50, every contribution counts.

Support us to deliver journalism without an agenda.

Louise Thomas

Louise Thomas


When it comes to updating a password for an old online account, many people may simply opt to modify their old one with a slight change of spelling or the inclusion of a new set of numbers on the end.

However, doing so can make you far more susceptible to hackers, according to new research.

A study has revealed the most common mistakes that numerous individuals make when trying to protect their profiles on the internet.

Gang Wang, a computer science researcher at Virginia Tech, gathered more than 61 million anonymised passwords as part of the research, which were then analysed by password manager service Dashlane.

All of the passwords included in the study had been leaked over the years due to data breaches.

According to the study, there are more than 16 million password pairs, meaning passwords that have been reused or slightly modified, that can be easily solved in as little as 10 attempts.

Here are the most common mistakes people make when deciding upon their everyday passwords:

Using the same password for multiple accounts

The study states that more than half of the users used or modified the same password for multiple online accounts.

This may seem understandable when you consider the sheer volume of passwords we’re expected to remember on a daily basis.

However, doing so can put you at risk if one of the accounts in which you’ve used the password is hacked.

Deciding on your password based on adjacent keys

An easy way to remember a password is to simply choose it based on the keys on the keyboard that are next to one another.

However, this also makes it easy to figure out.

Passwords that feature adjacent keys include examples such as “12345”, “qwert” and “!@£$%”.

The most common examples of “password walking” as outlined by Dashlane were: “1q2w3e4r”, “1qaz2wsx”, “1qazxsw2”, “zaq12wsx”, “!qaz2wsx” and “1qaz@wsx”.

If any of these happen to be your passwords, you might want to consider changing them to something less obvious.

Emotionally charged passwords

It seems that many people opt for passwords that relay passionate feelings, something that should be avoided.

Language referring to emotions of love or hate was a very common theme of the analysed passwords, with the phrase “iloveyou” being the most popular choice.

Several of the preferred choices also included a variety of swear words.

If you’re prone to cursing in your passwords, it may be worth finding another outlet for your frustration.

Famous brands

A number of famous brands were found to have featured heavily in the leaked passwords.

Many people chose to include well-known companies such as Myspace, Coca-Cola and Playboy in their password combinations.

Skittles and Ferrari also made it onto the list of brands most commonly used in easily-guessable passwords.

Favourite pop culture references

What better way to pay homage to your favourite band or film than by cementing it in your trusted password, right? Wrong.

Doing so is a massive no-no, especially when it comes to well-known blockbusters or pop culture icons.

As may be expected, DC superhero Superman was the most popular pop culture icon to make it onto the list, with Pokémon coming in second.

Star Wars came fourth, Nirvana came sixth while the neighbourhood-friendly Spider-Man was placed eighth on the list.

Football fanatics

If you’re a staunch football fan, then chances are you’ve made it abundantly clear on all of your social media channels.

With that in mind, it may not be the wisest notion to also include the name of your beloved football team in your password.

Liverpool, Chelsea, Arsenal, Barcelona and Manchester were the most prevalent Champions League football teams discovered in the passwords by the study.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies


Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in