The World’s Most Used Passwords in 2025 — And Why We’re Still Getting Cybersecurity Wrong
In a world racing toward digital payments, AI-driven apps and biometric authentication, it seems absurd that millions of internet users still rely on passwords so weak that a hacker could guess them in seconds.
Yet here we are.
According to the 2025 NordPass “Top 200 Most Common Passwords” report, the single most popular password in the world is still “123456”. Not only does it top the global chart, but it is used by a staggering 21.6 million people.
The report analysed data from 40+ countries between September 2024 and September 2025, using information from public data breaches and dark-web leak repositories. And what it found is unsettling but familiar: convenience continues to trump security, no matter how much technology evolves.
The Password Problem: Familiarity Over Safety
From Lagos to London, Tokyo to São Paulo, users still choose passwords they can remember easily. This makes sense, but it also makes them incredibly predictable.
NordPass researchers found that:
- People frequently use their first names, surnames, or simple variations like “promise123” or “Joan89”
- Hackers are fully aware of these global trends
- Geography and culture strongly influence password patterns
As the report puts it:
“The most common first names and surnames appear in passwords across nearly every region, proving how cultural habits shape vulnerabilities.”
Top 10 Most Used Passwords in the World (2025)
| Rank | Password | Users (Millions) |
|---|---|---|
| 1 | 123456 | 21.6M |
| 2 | admin | 21.03M |
| 3 | 12345678 | 8.3M |
| 4 | 123456789 | 5.7M |
| 5 | 12345 | 4M |
| 6 | password | 3.5M |
| 7 | Aa123456 | 2.5M |
| 8 | 1234567890 | 1.4M |
| 9 | Pass@123 | 1.2M |
| 10 | admin123 | 1.1M |
Despite advancements in cybersecurity, these passwords remain shockingly common—and easily exploitable.
Generations Change. Password Habits Don’t.
You might expect digital natives such as Generation Z to be smarter about cybersecurity. The report says that’s a myth.
After analysing millions of leaked passwords, NordPass found:
“The password habits of an 18-year-old are strikingly similar to those of an 80-year-old.”
Weak passwords like “12345” and “123456” appear across every age group—from teenagers to the Silent Generation.
Top 10 Passwords by Generation (2025)
| Rank | Gen Z | Millennials | Gen X | Baby Boomers | Silent Gen |
|---|---|---|---|---|---|
| 1 | 12345 | 123456 | 123456 | 123456 | 12345 |
| 2 | 123456 | 1234qwer | 123456789 | 123456789 | 123456 |
| 3 | 12345678 | 123456789 | 12345 | 12345 | susana |
| 4 | 123456789 | 12345678 | veronica | maria | marta |
| 5 | passsword | 12345 | lorena | Contrasena | margarita |
| 6 | 1234567890 | 1234567890 | 12345678 | susana | Contrasena |
| 7 | skibidi | password | 1234567 | silvia | 123456789 |
| 8 | 1234567 | 1234567 | valentina | graciela | 12345678 |
| 9 | pakistan123 | Contrasena | teckiss | monica | virginia |
| 10 | assword | mustufaj | follar | claudia | rodolfo |
From Gen Z’s playful choices like “skibidi” to the Silent Generation’s “susana” and “marta,” the patterns are clear: simplicity rules.
Why We Still Use Weak Passwords
Across generations, the motivations are surprisingly universal:
- Convenience: People want something easy to remember
- Overconfidence: Users think they “won’t be hacked”
- Digital fatigue: Too many accounts, too many logins
- Lack of awareness: Many don’t understand security risks
- Cultural patterns: Names, dates and simple sequences dominate
Even with rising cyberattacks, users continue prioritising speed over safety.
What This Means for Global Cybersecurity
Weak passwords are the easiest entry points for cybercriminals. With billions of credentials exposed in annual breaches, a single predictable password can compromise:
- Bank accounts
- Email inboxes
- Social media profiles
- Digital identities
- Work systems
The uniformity across age groups also means hackers do not need sophisticated tools, just knowledge of trends.
The Path Forward: Smarter Security, Simpler Tools
Security experts argue that three habits could drastically reduce global vulnerabilities:
- Use password managers (to handle complex logins)
- Enable two-factor authentication
- Stop recycling passwords across accounts
Until users adopt these practices, the world will continue relying on digital locks made of paper.
