In 2019, the National Cyber Security Centre released a list of the most regularly used and frequently hacked passwords. Here they are:

  1. 123456
  2. 123456789
  3. qwerty
  4. password
  5. 1111111

Now obviously these are terrible passwords and you shouldn’t use them. But what should you use instead?

Journalist Ben Wolford explains that the best passwords are those with the most “entropy” or randomness. The more random your password, the better. For instance, a 20-character password consisting of random letters and symbols would be incredibly hard to crack. But it would also be incredibly hard for most people to remember.

So if you need to create a good, memorable password, consider creating a passphrase instead. A passphrase is a combination of four or five random words – like “zebra wheel yellow bottle” or “zebrawheelyellowbottle.” (You can use spaces between the words or just jam them all together.) Don’t use a quote or a well-known saying. You want to keep it as random as possible. And if you throw in a number or special character (like “zebra4wheelyellowbottle”), that’s even better.

What you’ll end up with is a long passphrase that’s not too hard to remember (since you only need to remember four or five words rather than a bunch of random letters and characters), and is still really secure and hard to hack. Create different passphrases for your different accounts, and you are ready to surf the internet. Now go out there and be safe!

Lemonnier, J. & Latto, N. (2019, July 23). How to create a strong password — that you won’t forget. AVG. Retrieved from:

Wolford, B. (2019, March 5). Let’s settle the password vs. passphrase debate once and for all. ProtonMail. Retrieved from: