According to NordPass, British pop band One Direction has the most dedicated fans. How do they know that? 30,388 people use ‘onedirection’ as their password.

NordPass also found out that Liverpool (41,272) and Chelsea (40,499) football clubs have the best supporters. When it comes to superheroes, Batman (37,973) and Superman (56,113) are winning, and the most patriotic people live in Pakistan (41,798).

Understandably, people want to show dedication to their favourites. However, security experts advise steering away from any personal preferences when creating a password. Getting personal makes it easier to guess.

Nevertheless, according to the research done by NordPass, it’s clear that people keep making the same mistakes. This research included 200 most common passwords that were leaked in data breaches in 2019. After reviewing this list, we can draw 10 main categories of the most popular passwords:

1.Easy-to-guess number combinations (for example 12345, 111111, and 123321)

2.Strings of letters forming a horizontal or vertical line on the QWERTY keyboard (asdfghjkl, qazwsx, 1qaz2wsx)

3.The least imaginative one: ‘password’ and all combinations of it (Password1, password1)

4.Popular female names (Nicole, Jessica, Hannah)

5.Positive, happy words (iloveyou, princess, sunshine, family)

6.Favourite sports or sports team (soccer, Liverpool)

7.Favourite music group (onedirection)

8.Name of the service or device you’re using (Facebook, Samsung)

9.Swear words (let your imagination run wild for this one!)

10.Admin-type passwords (computer, test1, welcome)

“Often, people don’t put too much thought into creating strong passwords. They think it’s hard to guess a password or that a common person is not attractive to hackers. Reality is different. Everyone has accounts and information that are of some value to attackers. ‘Password guessing,’ or brute-force, attack is an automated, common, and effective method to hack people’s passwords,” says Chad Hammond, a security expert at NordPass.

Wondering how a brute-force attack works? Firstly, hackers will check if your password is among the most popular ones. Then they will list all known information that you might use for your password, such as your name, address, favorite band, sports team, or your pet’s name.

There is also a program that will tweak this information by adding more data — numbers or special symbols. Hackers will also translate words into Leetspeak (where ‘password’ becomes ‘p422W0Rd’) or scan ‘rainbow tables.’ These are huge sets of tables filled with hash values pre-matched to possible plaintext passwords. Also, hackers will check if your other accounts have been breached and if you reused the same password for another account.

So if your password is very common or at least falls under one of the 10 most common categories, it will take minutes (or even seconds) to guess it.

Hackers don’t only target famous, rich, and influential people. Many cyberattacks target masses, and if you have a weak security system in place, your account will be breached.