Millions of British people are using their pet's name as their online password, despite it being an easy target for hackers, a survey has found.
The National Cyber Security Centre (NCSC) said 15% of the population used pets' names, 14% use a family member's name, and 13% pick a notable date.
And 6% of people are still using "password" as all - or a part - of their password.
The NCSC urged people to choose random words that cannot be guessed instead.
Other problematic passwords included a sports team the user supported (6%), a string of numbers such as "123456" (6%), or a favourite TV show (5%).
Some 40% of respondents said they had never used one of these easily-guessed items as part of a password.
NCSC communications director Nicola Hudson warned: "We may be a nation of animal lovers, but using your pet's name as a password could make you an easy target for callous cyber-criminals."
That is because a pet's name could be cracked just by repeatedly plugging in common pet's names like Bella, Coco, Luna or Milo - or other very common pet names.
The same logic applies to family names and birthdays, all of which can also often be gleaned from social media.
"Millions of accounts could be easily breached by criminals using trial-and-error techniques," the NCSC warned.
This survey shows us once again that people are still failing to protect themselves in the simplest of ways.
Using your pet or child's name isn't great, but the most damaging form of password complacency is using the same password across multiple sites and services.
My inbox is regularly filled with complaints from people who have had their Instagram accounts hacked or Spotify memberships stolen, and it's normally always down to this password repetition weakness.
Unfortunately companies are being hacked all the time and if your email and password is compromised, those details are shared and sold in huge databases in hacker communities.
If you use the same email and password to log into your other apps then the hackers now can as well.
So you might have a brilliant and unique password but if it ends up on one of these database lists then criminals can unlock your entire internet life with a few clicks.
The NCSC is instead asking people to choose three random, unconnected words as a password. An example they give is "RedPantsTree", which is unlikely to be used anywhere else online.
It also recommends adding exclamation points or other symbols to the end if needed by a site, and saving passwords in a web browser's password manager. Doing so makes it easier to use different passwords for different sites.
And it is also imploring people to use a separate, unique, secure password for their email, which can often be used to reset the passwords for other services.
The NCSC also said that lockdowns in the last year have led to an increase in more online accounts, with 27% of people saying they had created more than four password-protected accounts.
The research involved 1,282 adults, and was carried out in early March.