Online security heavily relies on passwords, which are meant to safeguard your accounts, devices, and finances. Yet, numerous individuals still opt for login credentials so simple that cybercriminals can easily guess them.
The most recent report from NordPass highlights this recurring problem. Unsurprisingly, “admin” has been identified as the most frequently used password in the United States this year.
NordPass, alongside NordStellar—two cybersecurity firms monitoring leaked credentials—analyzed millions of compromised passwords to spot trends. They also compared how different generations approach their password choices. The trend is pretty clear: many people continue to use basic words, familiar sequences of numbers, and common keyboard patterns. Such choices offer attackers a relatively easy way to breach numerous accounts.
Most common passwords in the US
NordPass’s list for 2025 reveals some unsettling truths. “Admin” sits at the top, while variations of “password” take up five spots. A string of numbers appears nine times, alongside various explicit terms.
Here are the 20 most common passwords Americans have used this year:
- administrator
- password
- 123456
- 12345678
- 123456789
- 12345
- password
- 12345678910
- Gmail.12345
- password 1
- Aa123456
- Damn
- 1234567890
- abc123
- Welcome 1
- Password 1!
- password 1
- 1234567
- 111111
- 123123
Weak passwords continue to be a significant concern. Attackers often use automated tools that first target straightforward words and common patterns. With millions of users sticking to the same easy passwords, breaches happen quickly.
Global trends show similar risky password behavior
It’s a worldwide issue too; “123456” is the leading password globally. Following closely are “admin” and “12345678.” These methods are designed for easy recall, yet they also present an inviting opportunity for hackers.
Interestingly, researchers noted an increase in the use of special characters. But even with this rise, most passwords remain weak. Combinations like P@ssw0rd and Abcd@1234 still follow predictable patterns, making them vulnerable to attack.
The term “password” is ubiquitous, appearing in various local languages, illustrating the extent of the problem globally.
Why younger generations still choose insecure passwords
There’s a common belief that younger individuals are more aware of online safety thanks to their familiarity with technology. However, research reveals this assumption may not hold true.
NordPass found that teens often pick the same weak passwords as much older adults. While younger users tend toward long strings of numbers, older groups seem to favor names. Neither demographic adopts secure or random combinations. Gen Z and Gen Y typically steer clear of names, which are more common among older generations. Attackers anticipate both patterns, meaning each strategy has its risks.
Why weak passwords are still a big threat
Weak passwords are gateways for data breaches and account hacks. Criminals deploy scripts that can attempt billions of combinations in a mere second. When certain passwords become widespread, they are particularly easy targets.
A single compromised login can lead to unauthorized access to email, social media, banking, and more. Many attacks initiate this way; once one account is breached, offenders will typically try the same password elsewhere.
Steps to keep your password safe
There are several straightforward habits you can adopt to enhance your digital security and thwart common attacks.
1) Create a strong random password
A long password or a unique passphrase is a good idea—shoot for at least 20 characters. Mix in letters, numbers, and special characters, and avoid predictable patterns.
2) Avoid reusing passwords
Each account should have its unique password. That way, if one login gets compromised, your other accounts will stay protected.
3) Check and update weak passwords
Review your old passwords and change anything that is short or easily guessable. Opting for fresh passwords reduces your risk considerably.
4) Use a password manager
Password managers can generate secure passwords and store them safely. They can also autofill your credentials so you don’t have to memorize everything.
5) Turn on multi-factor authentication (MFA)
MFA adds an additional layer of security before login. This simple step can significantly hinder attackers.
6) Keep your software up to date
Regularly update your mobile and computer browsers and apps. These updates patch security vulnerabilities that criminals might exploit. Ignoring updates can compound risks, as attackers may take advantage of outdated software along with easy login credentials.
Pro tip: Use a data deletion service
Passwords often leak from forgotten profiles on data broker sites. Data deletion services can help you wipe your personal information from such sites, making it less likely that your account will be targeted.
While it’s not possible to ensure total data removal from the internet, these services can provide some peace of mind. They might not be cheap and come with some privacy trade-offs, but they typically involve actively monitoring and removing personal data from multiple websites.
Final thoughts
Despite new security tools and educational efforts, weak passwords are likely to remain a major concern in 2025. By implementing some basic changes, individuals can significantly enhance their online safety. Quick wins in building secure habits can really help keep cybercriminals at bay.
Why do you think weak passwords continue to be so popular despite the well-known risks?
