If you think cybercriminals rely on ultra-sophisticated hacks, the latest global password report for 2025 tells another story entirely. Despite years of awareness campaigns, data breaches, and digital transformation, billions of people are still using painfully predictable passwords — and hackers are taking full advantage.A new report from password manager NordPass reveals a troubling trend: not only are the world’s most-used passwords almost unchanged year after year, but every generation — from Gen Z to baby boomers — is making the same cybersecurity mistakes.
The Top 10 Most-Used Passwords in the World (2025)
The NordPass study analyzed public data breaches and dark web dumps collected between September 2024 and September 2025 across 40+ countries. The findings confirm that convenience still beats security for most users.
Rank
Password
Users
1
123456
21.6 million
2
admin
21.03 million
3
12345678
8.3 million
4
123456789
5.7 million
5
12345
4 million
6
password
3.5 million
7
Aa123456
2.5 million
8
1234567890
1.4 million
9
Pass@123
1.2 million
10
admin123
1.1 million
Many passwords are simple number strings or predictable combinations of common names and dates — making them effortless for attackers who use automated tools to guess them in seconds.
Password Habits Across Generations: The Surprising Truth
One of the most eye-opening parts of the report: age doesn’t matter. Gen Z — often praised as tech-savvy — uses weak passwords just as frequently as older generations.
NordPass calls this belief a “misconception,” revealing that an 18-year-old and an 80-year-old share almost identical password habits.
The most-used passwords across generations show the same pattern:
Rank
Gen Z (1997–2007)
Millennials (1981–1996)
Gen X (1965–1980)
Baby Boomers (1946–1964)
Silent Gen (before 1946)
1
12345
123456
123456
123456
12345
2
123456
1234qwer
123456789
123456789
123456
3
12345678
123456789
12345
12345
susana
4
123456789
12345678
veronica
maria
marta
5
passsword
12345
lorena
Contrasena
margarita
6
1234567890
1234567890
12345678
susana
Contrasena
7
skibidi
password
1234567
silvia
123456789
8
1234567
1234567
valentina
graciela
12345678
9
pakistan123
Contrasena
teckiss
monica
virginia
10
assword
mustufaj
follar
claudia
rodolfo
This generational overlap shows that password weakness isn’t a tech problem — it’s a human behavior problem.
Why Weak Passwords Are Still So Dangerous
Cybercriminals routinely use leaked databases and automated cracking tools that can test millions of combinations every second. When users rely on simple passwords (like “12345”), they essentially give hackers the key to their digital identity.
From banking apps to email to health records, weak and repeated passwords open the door to identity theft, financial fraud, and unauthorized account takeovers.
How to Create Safer Passwords: Expert Tips (2025)
1. Use Strong Passwords or Passphrases
A strong password has 8+ characters, including uppercase, lowercase, numbers, and symbols. Passphrases — e.g., “Il0v3Nig3ria!” — are even stronger and easier to remember.
2. Never Reuse Passwords
Using one password across multiple accounts means a single breach opens the door to all your accounts.
3. Use a Password Manager
Tools like Bitwarden, Dashlane, Keeper, and NordPass generate and securely store unique passwords for you.
4. Enable Multi-Factor Authentication (MFA)
Even if someone discovers your password, MFA stops them from logging in without verifying through your phone or device.
5. Consider Switching to Passkeys
Passkeys use your fingerprint, face, or device PIN — making them far more secure than traditional passwords.
The Bigger Picture: Cybersecurity Needs a Mindset Shift
This year’s password trends prove something important: technology alone can’t fix cybersecurity. Until people change their habits, data breaches will continue to grow — no matter how advanced our tools become.
So here’s the real question: Are weak passwords a tech problem… or a human behavior problem we haven’t solved yet?
