Don’t use ‘admin’: UK’s top 20 most-used passwords revealed as scams soar | Scams


It is a hacker’s dream. Even in the face of repeated warnings to protect online accounts, a new study reveals that “admin” is the most commonly used password in the UK.

The second most popular, “123456”, is also unlikely to keep hackers at bay.

The annual review of the top 200 most common passwords by the tech company NordPass makes depressing reading for security experts, the police and anti-fraud bodies.

Although cybersecurity experts keep repeating that simple passwords are extremely easy to guess, these warnings are going unheeded.

In the UK, words, number combinations, and common keyboard patterns dominate the top 20. Different variations of the word “password” take up as many as five of these spots, with simple numeric combinations, including “12345678” and then “123456789” using another five. So far, so easy to hack.

Use a password management tool to help with more complicated secure passwords. Photograph: Koshiro K/Alamy

It’s not just a problem here – Australians, Americans and Germans also use “admin” more than any other password when accessing websites, apps and logging in to their computers. Around the world, “123456” emerges as the most popular.

“Despite all efforts in cybersecurity education and digital awareness over the years, data reveals only minor improvements in password hygiene,” says Karolis Arbaciauskas of NordPass, a password manager that aims to keep details secure.

“About 80% of data breaches are caused by compromised, weak, and reused passwords, and criminals will intensify their attacks as much as they can until they reach an obstacle they can’t overcome.”

What the scam looks like

At a time when many of us grapple with a growing number of passwords, it seems people are picking the easy option. Criminals are well aware of this and will use the obvious options during a systematic attack on someone’s accounts.

“The problem with easy-to-remember passwords is that most of them can be cracked or guessed in seconds using a technique called a ‘dictionary attack’ – a systematic method of guessing a password by trying many common words and their simple variations,” Arbaciauskas says.

Hackers use a ‘dictionary attack’, a method of trying common words and numbers and their variations. Photograph: Dominic Lipinski/PA

“Another problem is that people tend to reuse them quite often. Users cite having too many accounts to create, and remember, unique passwords for all of them. That is terrible. People who use weak passwords, or reuse them, risk their digital lives and their identities.”

Recent research from Virgin Media O2 suggests four out of every five people use the same, or nearly identical, passwords on online accounts, giving an almost open door for hackers to compromise log-ins.

You might be alerted to an attack by a message advising that you have been trying to change your email address, or other details, connected to an account.

What to do

Make your passwords long and strong. This could be by combining three random words (eg, applepenbiro) or mixing numbers, letters and special characters.

Don’t reuse the same password. The rule of thumb is that each account should have a unique password because if one account gets broken into, hackers can use the same credentials for other accounts.

Change any passwords that are variations on the same word now, starting with the important sets of accounts: banks, email, work and mobile.

Use password managers – these are often integrated into web browsers. Apple has iCloud Keychain, while Android phones have Google Password Manager, both of which can generate and save complicated passwords.

Two-factor authentication (2FA) is something you can set up for your email, and other important online accounts, to add an extra layer of security. It involves providing something that only you can access – for example, a code sent to you by text message. You should turn 2FA on for every service that offers it.
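As an added illustration (not part of the original article or NordPass's research), the sketch below audits a set of saved passwords the way the advice above suggests: it reduces each password to the base word a dictionary attack would start from, then flags entries that are variations on a common password or on each other. The function names, the substitution table and the sample vault are constructed for this example; the common-password set holds only the values quoted in the article.

```python
import re
from collections import defaultdict

# Passwords quoted in the article; a real audit would load a far larger
# breached-password list (assumption, not from the article).
COMMON = {"admin", "123456", "12345678", "123456789", "password"}

# Simple character swaps that guessing tools routinely undo (constructed table).
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "$": "s", "5": "s",
                      "1": "i", "!": "i", "3": "e", "7": "t"})

def base_form(password):
    """Reduce a password to the word a dictionary attack would start from."""
    lowered = password.lower()
    core = re.sub(r"[\d\W_]+$", "", lowered)   # drop trailing digits/symbols
    if not core:                               # all digits/symbols: keep digits
        return re.sub(r"[\W_]", "", lowered)
    return core.translate(LEET)                # undo swaps such as @ -> a

def audit(vault):
    """Return {account: [issues]} for common or near-identical passwords."""
    by_base = defaultdict(list)
    for account, password in vault.items():
        by_base[base_form(password)].append(account)
    findings = {}
    for base, accounts in by_base.items():
        for account in accounts:
            issues = []
            if base in COMMON:
                issues.append("common")
            if len(accounts) > 1:
                issues.append("reused")
            if issues:
                findings[account] = issues
    return findings

# Constructed sample data, not real credentials.
VAULT = {
    "bank": "P@ssw0rd!",
    "email": "Password1",
    "work": "Admin2024",
    "mobile": "123456",
    "shop": "copperlanternmoss",
}

if __name__ == "__main__":
    for account, issues in sorted(audit(VAULT).items()):
        print(account, issues)
```

Accounts flagged as "reused" share a base word even though the stored strings differ, which is the "nearly identical" case the Virgin Media O2 research describes.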


