If you think cybercriminals rely on ultra-sophisticated hacks, the latest global password report for 2025 tells another story entirely. Despite years of awareness campaigns, data breaches, and digital transformation, billions of people are still using painfully predictable passwords — and hackers are taking full advantage.A new report from password manager NordPass reveals a troubling trend: not only are the world’s most-used passwords almost unchanged year after year, but every generation — from Gen Z to baby boomers — is making the same cybersecurity mistakes.
The Top 10 Most-Used Passwords in the World (2025)
The NordPass study analyzed public data breaches and dark web dumps collected between September 2024 and September 2025 across 40+ countries. The findings confirm that convenience still beats security for most users.
| Rank |
Password |
Users |
| 1 |
123456 |
21.6 million |
| 2 |
admin |
21.03 million |
| 3 |
12345678 |
8.3 million |
| 4 |
123456789 |
5.7 million |
| 5 |
12345 |
4 million |
| 6 |
password |
3.5 million |
| 7 |
Aa123456 |
2.5 million |
| 8 |
1234567890 |
1.4 million |
| 9 |
Pass@123 |
1.2 million |
| 10 |
admin123 |
1.1 million |
Many passwords are simple number strings or predictable combinations of common names and dates — making them effortless for attackers who use automated tools to guess them in seconds.
Password Habits Across Generations: The Surprising Truth
One of the most eye-opening parts of the report: age doesn’t matter. Gen Z — often praised as tech-savvy — uses weak passwords just as frequently as older generations.
NordPass calls this belief a “misconception,” revealing that an 18-year-old and an 80-year-old share almost identical password habits.
The most-used passwords across generations show the same pattern:
| Rank |
Gen Z (1997–2007) |
Millennials (1981–1996) |
Gen X (1965–1980) |
Baby Boomers (1946–1964) |
Silent Gen (before 1946) |
| 1 |
12345 |
123456 |
123456 |
123456 |
12345 |
| 2 |
123456 |
1234qwer |
123456789 |
123456789 |
123456 |
| 3 |
12345678 |
123456789 |
12345 |
12345 |
susana |
| 4 |
123456789 |
12345678 |
veronica |
maria |
marta |
| 5 |
passsword |
12345 |
lorena |
Contrasena |
margarita |
| 6 |
1234567890 |
1234567890 |
12345678 |
susana |
Contrasena |
| 7 |
skibidi |
password |
1234567 |
silvia |
123456789 |
| 8 |
1234567 |
1234567 |
valentina |
graciela |
12345678 |
| 9 |
pakistan123 |
Contrasena |
teckiss |
monica |
virginia |
| 10 |
assword |
mustufaj |
follar |
claudia |
rodolfo |
This generational overlap shows that password weakness isn’t a tech problem — it’s a human behavior problem.
Why Weak Passwords Are Still So Dangerous
Cybercriminals routinely use leaked databases and automated cracking tools that can test millions of combinations every second. When users rely on simple passwords (like “12345”), they essentially give hackers the key to their digital identity.
From banking apps to email to health records, weak and repeated passwords open the door to identity theft, financial fraud, and unauthorized account takeovers.
How to Create Safer Passwords: Expert Tips (2025)
1. Use Strong Passwords or Passphrases
A strong password has 8+ characters, including uppercase, lowercase, numbers, and symbols. Passphrases — e.g., “Il0v3Nig3ria!” — are even stronger and easier to remember.
2. Never Reuse Passwords
Using one password across multiple accounts means a single breach opens the door to all your accounts.
3. Use a Password Manager
Tools like Bitwarden, Dashlane, Keeper, and NordPass generate and securely store unique passwords for you.
4. Enable Multi-Factor Authentication (MFA)
Even if someone discovers your password, MFA stops them from logging in without verifying through your phone or device.
5. Consider Switching to Passkeys
Passkeys use your fingerprint, face, or device PIN — making them far more secure than traditional passwords.
The Bigger Picture: Cybersecurity Needs a Mindset Shift
This year’s password trends prove something important: technology alone can’t fix cybersecurity. Until people change their habits, data breaches will continue to grow — no matter how advanced our tools become.
So here’s the real question: Are weak passwords a tech problem… or a human behavior problem we haven’t solved yet?
