Each year, cybersecurity experts urge internet users to strengthen their passwords, yet millions still choose simple and easy-to-remember combinations. The latest NordPass Top 200 Most Common Passwords Report (2025) shows that password security remains a significant global concern.
NordPass and NordStellar, with support from cybersecurity researchers, analyzed passwords leaked between September 2024 and September 2025. No personal data was bought or collected. Their findings reveal that culture and language heavily influence password creation, with many people using local names, surnames, or predictable number sequences.
The World’s Favorite Passwords: Still “123456”
Globally, “123456” holds the top spot again, used by more than 21 million people. “admin” and “12345678” follow closely behind. Despite frequent data breach warnings, people continue to prioritize convenience over safety.
Password Trends in India
In India, the same pattern repeats. “123456” was the most common password, appearing in about 1.9 million leaked entries. Others such as “Pass@123,” “admin,” and “12345678” were also highly used. Many Indian users mix capital letters and symbols into predictable patterns, creating a false sense of security.
Passwords Reflect Cultural Habits
The report notes that users worldwide often incorporate personal names—like “rahul99,” “kristian123,” or “suresh@123.” These name-based passwords may feel personal but are among the easiest to crack.
Generational Myths About Password Strength
One surprising insight challenges a long-held belief: younger generations aren’t necessarily better at cybersecurity. NordPass found very little difference in password strength between age groups.
– Gen Z (1997–2007) still favor simple sequences like “12345,” “123456,” and “password.”
– Millennials often reuse weak patterns such as “1234qwer” and “123456789.”
– Gen X users prefer combinations of names and numbers but still lean on “123456.”
– Baby Boomers and Silent Generation users rely on emotional or simple words like “maria,” “susana,” and “contraseña.”
In short, weak passwords are a universal problem across all age groups and cultures.
Why Weak Passwords Are Dangerous
Hackers often start attacks with databases of popular passwords, using brute-force or dictionary techniques. This makes these simple passwords the easiest targets for cybercriminals. Experts warn that improving password strength is no longer optional—it’s essential for personal and organizational security.
How to Strengthen Your Passwords
– Avoid using common patterns or personal names.
– Combine letters, numbers, and special symbols in unpredictable ways.
– Use password managers to create and store complex credentials.
– Enable multi-factor authentication for added security.
The NordPass 2025 report serves as an urgent reminder: technology keeps evolving, but password habits must evolve too. Protecting your digital identity starts with one of the simplest actions—choosing a strong, unique password.
