TL;DR
NordPass's latest research reveals the ongoing global reliance on weak passwords like "123456" and "password," despite slight improvements in security practices.
Key Points
Highlight key points with color coding based on sentiment (positive, neutral, negative).Weak passwords such as "123456," "password," and other simple numeric sequences continue to dominate globally across every generation, underscoring a long-standing failure to adopt even basic cybersecurity hygiene.
The study reveals strong cultural and regional fingerprints in password creation, with first names, surnames, and locally significant words frequently appearing in leaked passwords, reinforcing how personal identity shapes insecure password habits.
Use of special characters in passwords has increased significantly, with 32 entries in the global top list containing them - up from just six last year - suggesting slow but measurable movement toward more complex patterns.
Despite years of awareness campaigns and widespread data breaches, password hygiene remains stagnant, with users across all age groups continuing to reuse predictable patterns that attackers can crack instantly.
The report’s findings are based on aggregated analysis of credentials exposed in public data breaches and dark web repositories from September 2024 to September 2025, offering one of the most comprehensive snapshots of modern password behavior.
NordPass has just released its seventh annual report on the Top 200 Most Common Passwords, and the results are, frankly, a bit alarming. Despite the constant drumbeat about password security, people are still clinging to the same old, easy-to-guess passwords like "123456" and "password." This report, created with the help of NordStellar and cybersecurity experts, examines data from public breaches and the dark web over the past year. It's fascinating, really, to see how cultural quirks shape password choices, with first names and surnames frequently appearing in different countries.
Let's explore the generational aspect. The report spans everyone from the silent generation to Gen Z, and surprise, surprise - weak passwords are a universal issue. Those simple number strings like "123456" and "123456789" are still leading the pack. Sure, there's been a slight uptick in the use of special characters, but many passwords remain as basic as "P@ssw0rd" or "Admin@123." It's like folks are making an effort, but not quite hitting the mark, you know?
Focusing on the U.S., the usual culprits like "admin," "password," and those number sequences continue to dominate. This study highlights the ongoing challenge of getting people to take password security seriously. Even with the surge in data breaches, it seems convenience is still trumping security. The findings suggest that despite all the efforts to raise cybersecurity awareness, user behavior hasn't changed much. It's a bit of a puzzle, really.
What are the 10 most common passwords for boomers?
123456
123456789
12345
maria
Contraseña
susana
silvia
graciela
monica
claudia
What are the 10 most common passwords for Gen X?
123456
123456789
12345
veronica
lorena
12345678
1234567
valentina
teckiss
follar
What are the 10 most common passwords for millennials?
123456
1234qwer
123456789
12345678
12345
1234567890
password
1234567
Contraseña
mustufaj
What are the 10 most common passwords for Gen Z?
12345
123456
12345678
123456789
password
1234567890
skibidi
1234567
pakistan123
assword
Key Numbers
Present key numerics and statistics in a minimalist format.The total number of countries included in NordPass’s analysis of global password trends, allowing for comparison across regional cultures and security behaviors.
The count of passwords in this year's global Top 200 list that contain at least one special character, indicating a rise in password complexity.
The count of passwords in last year's global Top 200 list that included special characters, used as a baseline to measure year-over-year growth in password complexity.
The number of consecutive years NordPass has published its annual password trends report, reflecting long-term tracking of global credential security habits.
Stakeholder Relationships
An interactive diagram mapping entities directly or indirectly involved in this news. Drag nodes to rearrange them and see relationship details.Organizations
Key entities and stakeholders, categorized for clarity: people, organizations, tools, events, regulatory bodies, and industries.Led the annual global study analyzing the Top 200 Most Common Passwords, including generational and regional password trends.
Partnered with NordPass to gather, analyze, and validate data from public breaches and dark web sources for the password study.
Provided expertise in analyzing breach datasets and identifying aggregated password statistics used in the report.
Tools
Key entities and stakeholders, categorized for clarity: people, organizations, tools, events, regulatory bodies, and industries.Compiled from public breach repositories and dark web sources between September 2024 and September 2025.
Events
Key entities and stakeholders, categorized for clarity: people, organizations, tools, events, regulatory bodies, and industries.The seventh annual edition of NordPass’s global password security report, featuring generational analysis for the first time.
Industries
Key entities and stakeholders, categorized for clarity: people, organizations, tools, events, regulatory bodies, and industries.The findings highlight persistent global weaknesses in password hygiene, influencing cybersecurity practices and awareness efforts.
Timeline of Events
Timeline of key events and milestones.NordPass published its inaugural Top 200 Most Common Passwords list, establishing the baseline for global password trend analysis.
NordPass and NordStellar analyzed exposed password datasets from public breaches and dark web repositories over a 12-month period to prepare the newest report.
NordPass published the seventh edition of the Top 200 Most Common Passwords study, featuring its first-ever generational analysis.
Additional Resources
Enjoyed it?
Get weekly updates delivered straight to your inbox, it only takes 3 seconds!Subscribe to our weekly newsletter VarBear to receive similar updates for free!
Give a Pawfive to this post!
Share with your friends and followers
Start writing about what excites you in tech — connect with developers, grow your voice, and get rewarded.
Join other developers and claim your FAUN.dev() account now!
FAUN.dev()
FAUN.dev() is a developer-first platform built with a simple goal: help engineers stay sharp without wasting their time.
VarBear #SoftwareEngineering
FAUN.dev()
@varbear