By Matthew Olney on January 31, 2023

Are You Ready to Up Your Password Game on Change Your Password Day?

Cyber Risk and Assurance, Industry Trends & Insights

Do you want to be hacked? Chances are you will be if you persist in using one of the passwords on the list of the most commonly used passwords of 2022.

The annual list, published by NordPass, is created in partnership with independent researchers who study cyber security incidents and who evaluated a 3TB database.

Taking the top spot for 2022 was (yet again) "password". A hacker can crack that faster than you can blink! The fact that so many people still use easy-to-crack passwords is why Change Your Password Day exists.


What is Change Your Password Day?

Change Your Password Day is an annual event observed on the first of February, aimed at encouraging individuals and organisations to regularly update their passwords.

It serves as a reminder to create strong, unique passwords, and to change them frequently to protect sensitive information and secure online accounts from cyber threats. By participating in Change Your Password Day, people and organisations can improve their cyber security posture and reduce the risk of identity theft, data breaches, and other cyber-attacks.

Looking at the list, it’s clear that the message to use effective, hard-to-guess passwords still isn’t getting through!


The top ten most common passwords

The top ten list of the most commonly used passwords makes for some pretty frustrating reading for those of us working in the cyber security sector. For years the same passwords have made the list, suggesting that all of the warnings still aren’t getting through to people. Without further ado, here’s the top ten:

  • password
  • 123456
  • 123456789
  • guest
  • qwerty
  • 12345678
  • 1111111
  • 12345
  • col12345
  • 123123


How to make a strong password

An effective password is crucial in today's digital age, where cyber threats are rampant and personal information is easily accessible. Despite the importance of strong passwords, both individuals and organisations are guilty of using weak and easily guessable passwords, such as company names followed by numbers or symbols. This leaves them vulnerable to various cyber-attacks, including insider threats, vandalism, and damage to their reputation. With the increasing number of websites and online services that require passwords, it's crucial to create unique, complex passwords to protect personal information and prevent unauthorized access.

A complex password doesn’t mean a secure password

The belief that a complex password is secure is a common misconception. Cyber attackers have become adept at searching for and cracking passwords that use simple substitutions, such as replacing letters with special characters. Long, complex, random character passwords may seem secure, but they are often too difficult to remember, leading users to store them in plain text files or use copy and paste. This presents another vulnerability that attackers can exploit.


A more secure approach, recommended by the National Cyber Security Centre (NCSC), is to increase the length of the password. This can be done by selecting random words that are memorable but not necessarily part of common language, such as "brussels sprouts Humanity torque wrench." Special characters and numbers can also be added for extra security, as long as the password remains memorable.
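The two points above, that simple substitutions are easy to undo and that length from random words is what adds strength, shown as an added Python example (not code from the original article). The substitution table, the 16-word demo list and all function names are assumptions made for illustration.

```python
import math
import secrets

# Top ten most common passwords, as listed in the article.
COMMON = {"password", "123456", "123456789", "guest", "qwerty",
          "12345678", "1111111", "12345", "col12345", "123123"}

# Assumed table of characters commonly swapped in for letters.
SUBSTITUTIONS = str.maketrans({"@": "a", "4": "a", "0": "o", "$": "s", "5": "s",
                               "1": "i", "!": "i", "3": "e", "7": "t"})

# Constructed demo list; a real generator needs a list of thousands of words.
DEMO_WORDS = ["harbour", "violin", "pepper", "glacier", "lantern", "orbit",
              "thimble", "walnut", "meadow", "copper", "saddle", "quartz",
              "ribbon", "falcon", "anchor", "mitten"]


def is_blocklisted(candidate):
    """True if the candidate is a common password, either as typed or after
    undoing simple substitutions and dropping trailing digits or symbols."""
    lowered = candidate.lower()
    if lowered in COMMON:
        return True
    core = lowered.rstrip("0123456789!?.#*")
    forms = (core, core.translate(SUBSTITUTIONS), lowered.translate(SUBSTITUTIONS))
    return any(form in COMMON for form in forms)


def generate_passphrase(words, count=4):
    """Pick `count` words uniformly at random with a cryptographic RNG."""
    return " ".join(secrets.choice(words) for _ in range(count))


def entropy_bits(wordlist_size, count):
    """Bits of entropy when each word is drawn uniformly from the list."""
    return count * math.log2(wordlist_size)


if __name__ == "__main__":
    for pw in ("P@ssw0rd", "Qwerty123", "gue5t!"):
        print(pw, "-> rejected" if is_blocklisted(pw) else "-> accepted")
    print(generate_passphrase(DEMO_WORDS))
    # The demo list is far too small; compare it with a 7,776-word list.
    print(round(entropy_bits(len(DEMO_WORDS), 4), 1), "bits with the demo list")
    print(round(entropy_bits(7776, 4), 1), "bits with a 7,776-word list")
```

The strength of the passphrase comes from the size of the word list and the number of words, so the generator only helps when the words are chosen by the random source rather than by the user.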

To further improve security, users can employ password management tools that securely store passwords and help generate secure passwords. You can check to see if your current password has been breached using websites such as
