Millions of people are still using easy-to-guess passwords like "123456" and "qwerty" on sensitive accounts, a study has found.
The analysis by the UK's National Cyber Security Centre (NCSC) uncovered the gaps in cyber-knowledge that may leave people in danger of being exploited.
The NCSC said people should string three random but memorable words together to use as a strong password.
For its first cyber-survey, the NCSC analysed public databases of breached accounts to see which words, phrases and strings people used, the BBC reported.
Top of the list was 123456, appearing in more than 23 million passwords. The second-most popular string, 123456789, was not much harder to crack, while others in the top five included "qwerty", "password" and 1111111.
The most common name to be used in passwords was Ashley, followed by Michael, Daniel, Jessica and Charlie, the report found.
When it comes to Premier League football teams in guessable passwords, Liverpool are champions and Chelsea are second. Blink-182 topped the charts of music acts.
People who use well-known words or names for a password put themselves people at risk of being hacked, said Ian Levy, technical director of the NCSC.
"Nobody should protect sensitive data with something that can be guessed, like their first name, local football team or favourite band," he said.