Tech companies NordPass and NordStellar in collaboration with independent researchers specializing in cybersecurity incidents have released a report on most common passwords around the world.
According to their report, web and social media users have displayed a stong tendency to opt for weak passwords that prioritize convenience over security.
Recent public data breaches and dark web repositories were analyzed from September 2024 to September 2025 to identify statistically aggregated data.
Exposed passwords further revealed numerous variations made using a first name or a surname alongside some numbers, for example “kristian123” or “Joan89.”
The most common passwords identified were ‘123456’ and ‘admin’ with over 21 million users globally.
Closing the top 3 was ‘12345678’ with over 8 million users.
Top 50 Most Common Passwords (Users in brackets)
- 123456 (21,627,656)
- admin (21,030,012)
- 12345678 (8,274,408)
- 123456789 (5,673,712)
- 12345 (3,950,777)
- password (3,545,119)
- Aa123456 (2,520,728)
- 1234567890 (1,418,939)
- Pass@123 (1,210,039)
- admin123 (1,087,247)
- 1234567 (1,084,354)
- 123123 (1,060,563)
- 111111 (990,391)
- 12345678910 (988,396)
- P@ssw0rd (770,658)
- Password (755,709)
- Aa@123456 (735,141)
- admintelecom (585,620)
- Admin@123 (579,512)
- 112233 (576,908)
- 102030 (511,130)
- 654321 (495,869)
- abcd1234 (468,833)
- abc123 (461,961)
- qwerty123 (438,619)
- Abcd@1234 (403,898)
- Pass@1234 (397,921)
- 11223344 (390,421)
- admin@123 (382,386)
- 87654321 (374,510)
- 987654321 (363,842)
- qwerty (350,646)
- 123123123 (333,540)
- 1q2w3e4r (330,761)
- Aa112233 (323,392)
- 12341234 (316,447)
- qwertyuiop (314,373)
- 11111111 (311,554)
- Admin (305,369)
- Password@123 (304,394)
- asd123 (293,088)
- Aboy1234 (287,761)
- 123321 (275,964)
- admin1 (266,845)
- Admin123 (257,164)
- Demo@123 (244,695)
- 1q2w3e4r5t (244,044)
- admin1234 (240,122)
- aa123456 (239,114)
- 121212 (232,452)
According to Robbin Mutwiri, a tech expert from Zayre Gadgets, digital users need to embrace strong passwords on their online accounts including bank accounts and personal drives, as well as social media platforms.
He notes that most cyber security crimes are as a result of weak passwords, which leaves users vulnerable.
“We have noticed hacked accounts being used to commit crimes on the internet. When your identity is used, your digital fingerprints are all over the crime scene, leaving you liable of the offences”, Mutwiri said.
Additionally, Mutwiri warns that marketing companies can also expose important user data while some of the data can also be obtained by guessing passwords.
He warns that users should embrace modern technology such as the 2-step authentication system and also be careful on what they post especially on social media which may expose them to threats.
“Cybercriminals can guess weak your password in seconds. Sequential numbers and generic words are the first combinations tested by the criminals. By using weak passwords, hackers steal personal data and impersonate victims online, as well as commit financial fraud”, Mutwiri added.
Experts advise users to use different passwords for different online services to avoid being compromised.
Additionally, users are advised to use complex words and symbols which are at least 12-16 characters long and avoid personal information such as name or birth dates.
Users are also advised to regularly update their passwords every 3-6 months and watch out for fraudulent emails or links which attackers use to trick users into revealing their passwords.
