The analysis by the UK's National Cyber Security Centre (NCSC) found 123456 was the most widely-used password on hacked accounts.
The NCSC said people should string three random but memorable words together to use as a strong password.
For its cyber-survey, the NCSC analyzed public databases of breached accounts to see which words, and strings people used.
- Top of the list was 123456, appearing in more than 23 million passwords.
- The second-most popular string, 123456789, was not much harder to crack,
- while others in the top five included "qwerty", "password" and 1111111.
Hard to guess
The NCSC study also questioned people about their security fears.
- 42% expected to lose money to online fraud
- only 15% said they felt confident that they knew enough to protect themselves online
- fewer than half of those questioned used a separate, hard-to-guess password for their main email account.
If your identity has been stolen, please contact us to help gain control of your online accounts.