Official: The UK’s Average Password Strength Isn’t Great

Sun May 17 2020

As COVID-19 related scams go through the roof, police advise people to review their password security

It should come as no surprise that cyber actors have taken full advantage of the coronavirus, tricking vulnerable users with phishing scams offering free masks, testing and even cures.

It’s been reported by the South East Regional Organised Crime Unit that cyber frauds (specifically those related to coronavirus) rose by 400% in March.

That’s 1,425 UK victims who have been defrauded of a total of £2.9 million.


Unfortunately, as we’ve discussed many times before, phishing is still, by far, the most profitable form of attack for a cyber actor looking to gain access to login credentials and passwords.

Cyber security awareness is getting better, with 29% of firms now providing some form of cybersecurity training (up 9% in the last 2 years), but it doesn’t take a mathematical genius to figure out that’s still over 70% without!


As computing power has increased over the years and cyber actors have become more sophisticated, so too has advice around password security changed.

We’re once again sharing the list of most popular passwords (i.e. the ones that can be cracked in seconds), which doesn’t include the phishing scammers’ favourites of birthdays or names of pets or loved ones.


  • 13456
  • 123456789
  • Qwerty
  • 12345678
  • 111111
  • 1234567890
  • 1234567
  • Password
  • 123123
  • 987654321
  • Qwertyuiop
  • Mynoob
  • 123321
  • 666666
  • 18atcskd2w
  • 7777777
  • 1q2w3e4r
  • 654321
  • 555555
  • 3rjs1la7qe
  • Google
  • 1q2w3e4r5t
  • 13qwe
  • Zxcvbnm
  • 1q2w3e
  • 12345
  • 12345678
  • Password
  • Password1
  • Admin
  • Admin1
  • 696969


Take three random words… HackTrainRope… that password could, on average, be cracked in just six hours by brute force, but change it to HackTrainRope@19 and it would, due to the additional complexity, take six years.

That’s why security professionals now recommend a password should be at least 13 characters long and include special characters like # or %.
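An added example (not from the original article) of screening a new password against the advice above: it rejects entries from the article's popular-password list, enforces the 13-character minimum and the special-character rule, and reports the brute-force search space in bits. The function names and the subset of the list used are choices made for this example.

```python
import math
import string

# Subset of the popular passwords listed in this article, lower-cased for matching.
COMMON_PASSWORDS = {
    "123456789", "qwerty", "12345678", "111111", "1234567890", "password",
    "123123", "qwertyuiop", "1q2w3e4r", "google", "zxcvbnm", "password1",
    "admin", "admin1",
}

MIN_LENGTH = 13  # minimum length recommended in the article


def charset_size(password):
    """Size of the alphabet a brute-force search must cover for this password."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 printable ASCII symbols
    return size


def search_space_bits(password):
    """log2 of the number of candidates with the same length and alphabet."""
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0


def check_password(password):
    """Return a list of policy failures; an empty list means the password passes."""
    problems = []
    if password.lower() in COMMON_PASSWORDS:
        problems.append("on the common-password list")
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c in string.punctuation for c in password):
        problems.append("no special character")
    return problems
```

The bit count is an upper bound that assumes random characters, so it does not account for guessing whole dictionary words. It reports search space rather than time because the guess rate behind the six-hour and six-year figures is not stated in the article.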

Whilst these passwords are much more secure, it does lead to issues with users forgetting passwords a lot.

The South East Regional Organised Crime Unit’s advice was to use a password manager (like LastPass) and to enable MFA (Multi-Factor Authentication).

They also highlighted that there are a lot of free resources for both individuals and organisations offered by both the Police and the NCSC to help anyone worried about cyber crime:

  • information about Covid-19 scams and advice on improving security from the South East Regional Organised Crime Unit.
  • National Cyber Security Centre offers free advice and services around email, websites, DNS and networks, and security testing.
  • an anti-ransomware site that publishes known decryption keys.


