The Most Hackable Countries Across Europe

Cybercrime is a continuing threat to online security, with Inc. revealing that 158 accounts are hacked every second. Organisations and businesses are particularly at risk, with 2021 seeing a 50% increase in cyber attacks on company networks over 2020.

Large organisations are often the main target of online hacks. Selling stolen data is a driver behind these increases, with hackers able to make millions from compromised accounts. It’s predicted that in 2023 alone, cybercriminals will steal around 33 billion records online.

Often a hacker won’t guess passwords as this takes far too much time when attempting to breach thousands of accounts. Instead, they employ brute force attacks using code and robotic networks that automatically input the most commonly used passwords. These are usually sourced from previously compromised accounts, and passwords that they can predict based on the data they have.

Utilising a commonly used password is the quickest way to have your account breached with brute force hacking. With this in mind, Custard Technical Services have tested the most commonly used passwords across 25 countries in Europe, to reveal the residents with the best and worst cyber security.


The Average Time to Hack a Password


Custard Technical Services compiled the thirty most commonly used passwords for accounts linked to 25 European countries, and averaged the amount of time it’d take for a brute force machine to hack each of those passwords.

The average time taken to hack a password across all European countries was around 14 hours, just over half a day. Here are the countries that had the worst password security in place.

  • Austria - 0.27

The study revealed that Austria is the European country most at risk of online threats, with the average time to crack the top thirty passwords in use by residents standing at 0.27 seconds.

Austria uses some of the most common passwords across Europe, with ‘123456’ and ‘password’ being the top two, both taking 0 seconds for code to guess.

Austria experienced one of its most serious cyber attacks in 2020, where the foreign ministry was targeted, despite all of its security measures.

  • Russia - 8.96

In second place is Russia, where the top thirty passwords in use across the country take an average of 8.96 seconds to crack.

Russia’s second most commonly used password was ‘qwerty’, a simple password for hackers to crack, taking 0 seconds. In fact, Russia’s top 5 most commonly used passwords would all take approximately 0 seconds for a hacker to figure out.

Cyber conflicts are currently happening throughout Russia, after its recent attack against Ukraine. The anonymous hacker group has declared cyber war with Russia in connection with the recent attack. The group has recently hacked the Ministry of Defence database and several Russian state TV channels.

  • Latvia - 17.48

Latvia is the third European country with the worst password security, with an average brute force hacking time of 17.48 seconds across all thirty most-popular passwords.

The top ten passwords in Latvia took less than 0.2 seconds to crack, with ‘12345’, ‘qwerty’ and ‘123456789’ appearing in the top three.

In 2018, Russia initiated a malicious cyber attack on the Latvian government. Although the attack did not successfully alter the election results as intended, this was still a serious cyber invasion noted between the governments.

  • Spain - 26.52

The study revealed Spain to be the fourth least cyber secure European country, with the majority of accounts taking 26.52 seconds to breach.

Within Spain’s top five most commonly used passwords were several number sequences including ‘12345’, ‘123456’, ‘123456789’, ‘12345678’ and ‘1234’. Cyber attackers commonly used numbered lists when attempting a data breach so it is important to avoid passwords similar to those.

Spain has seen numerous social media hacks, most notably 130 high-profile twitter hacks including Barack Obama and Kayne West, carried out by a Spanish resident.

  • Switzerland - 36.26

Switzerland is fifth, with the top thirty passwords taking just 36.26 seconds to hack, just over half a minute!

90% of the top thirty passwords in Switzerland would take under 0.2 seconds to crack, with ‘qwerty’, ‘password’ and ‘12345’ appearing in the top ten.

In January 2022, Switzerland experienced one of its largest cyber attacks, where The International Committee of the Red Cross (ICRC) was a victim of a data breach, with over  515,000 people’s personal and confidential data exposed.


The Five Countries That Use the Most Common Passwords

According to Nord Pass, the top most commonly used passwords across all countries in the world are as follows:

  • Latvia

Latvia has the worst cyber security in place, using nine out of ten of the most commonly used passwords internationally. In Latvia’s top ten passwords appeared ‘123456’, ‘qwerty’, ‘123456789’, ‘12345’, ‘111111’, ‘12345678’, ‘1234567’, ‘1234567890’ and ‘123123’.

  • Greece

Greece is second for using the most common passwords, with nine out of ten international passwords appearing in the country’s top ten. Greece’s top three most commonly used passwords match those globally - ‘123456’ ‘123456789’ and ‘12345’.

  • Germany 

Germany is third for using the most commonly used passwords, with 80% of its top ten passwords appearing in the global top ten. Germany’s top three were all number sequences, ‘123456’, ‘123456789’ and '12345678’.

  • Denmark

Denmark is fourth in the top five European countries with the most commonly used passwords, using eight out of the ten, with the top three matching those of the global top three ‘123456’, ‘123456789’ and ‘12345’.

  • Hungary

Fifth is Hungary, with 7 of its top ten most commonly used passwords appearing in the global top ten list, with its fourth matching the international fourth ‘qwerty’.

84% of the 25 European countries analysed by Custard Technical Services had ‘123456’ as the most commonly used password, taking 0 seconds for a hacker to crack. The other 12% had the third most commonly used password ‘12345’ as their first, taking 0 seconds to crack and the remaining 4% had ‘qwerty’ the fourth, as their first, again taking 0 seconds for a hacker to figure out.

How Many Accounts Get Hacked a Day?

While there is no reliable data on the amount of accounts that get hacked each day for the current year, data breach statistics from 2018 show that over 2.5 billion accounts were hacked in that year. This amounts to roughly 6.85 million accounts each day, or 158 every second. Cybercrime numbers have significantly increased in recent years, therefore it is safe to assume that the number of accounts getting hacked daily has likewise increased.

Robert Hinds, Security Specialist at Custard Technical Services said: “Ensuring your online accounts are protected is more important than ever before. Hackers are constantly testing accounts with brute force software, and will eventually access an account that uses simple, common passwords.

“For people at home this means shopping accounts could be breached, with bank account details leaked and items bought.

“For the business user, a breach could lead to data lost and sold online without fully knowing what data has been compromised.

“Never use personal information when setting a password, and never reveal potential passwords or security questions online - such as your first car or pet. Revealing this data could make you an easy target.

“To create a strong password you’ll need a combination of numbers, capital letters, characters, and symbols. However, you should make sure the number sequences you insert into your passwords are not common, for example 123456. Include a memorable number sequence that is personal to you, avoiding your birthday.

“Passwords with no uppercase letters can be cracked almost instantly. The more characters, symbols, and variation a password has, the better the combination.

“Prioritise the length of your password. Passwords should be around 16 characters, if not more. Try to avoid using real words, make up a strong word, number and character combination and then write it down somewhere you’ll remember. Don’t save or share passwords in online documents, and never repeat passwords across accounts.”

If your business is in need of security measures or even disaster recovery for a recent cyber attack, Custard Technical Services offer award-winning IT support and security services.


About Custard Technical Services

Custard Technical Services is an award-winning IT support and security company that offers market-leading IT solutions to the UK and international partners.

Custard Technical Services is headquartered in Nottingham and London and has been assisting businesses with everything from email & spam protection and IT infrastructure to disaster recovery planning for over two decades.



Custard Technical Services pulled the top thirty most used passwords for each country from Nord Pass research. They then measured the time it would take to crack each password using an automated brute force password checker.