Sign in Subscribe
Cybersecurity

The Most Common Password of 2025

A shocking new study reveals we haven’t learned a thing about password safety—94% of us still reuse passwords, and hackers are loving it.

Janeel Abrahams

Janeel Abrahams

2 min read
The Most Common Password of 2025

If your password is “123456,” you're not alone—and that’s a massive problem.

A jaw-dropping study just analyzed more than 19 billion leaked passwords from the past 12 months, and what it uncovered is the stuff of cybersecurity nightmares: Only 6% of passwords were unique. That means a staggering 94% of people reused or recycled the same password across multiple accounts.

Yes—nineteen billion passwords were out there for anyone to grab, and “1234,” “password,” and “admin” are still topping the charts.

It’s 2025—Why Are We Still Doing This?

Let’s face it: passwords are annoying. So people take shortcuts. But when your shortcut is “qwerty” or your kid’s name, you’re basically handing your digital life to hackers on a silver platter.

In fact, the name “Ana” was the second most common password component, and over 727 million passwords just used “1234.” Hackers don’t need to be geniuses—they just need patience and a copy of your habits.

As cybersecurity researcher Neringa Macijauskaitė bluntly put it:

“We’re facing a widespread epidemic of weak password reuse. Most users are one breach away from losing everything.”

And she’s not exaggerating. Think about it—if you use the same password for your email, bank, Netflix, and Amazon… one leak means they’re all at risk.

What’s Really in These Leaks?

The Cybernews team behind the research analyzed over 200 real-world data breaches from just the past year—everything from stealer logs to massive data dumps. These weren’t underground secrets either. All the data was publicly available (unfortunately), and the researchers made sure it was fully anonymized and deleted after analysis.

In total, the dataset weighed in at 213 GB, containing 19,030,305,929 passwords. Of those? Only 1.1 billion were unique. The rest were duplicates—over and over again.

This isn’t just about a few lazy users. It’s a global crisis.

This Is a Hacker’s Dream Come True

When attackers get a leaked database, they don’t have to guess your password. They just try the most common ones—“123456,” “admin,” “password,” or your first name—and they will get into some accounts. It's called credential stuffing, and it works frighteningly well.

Worse? Many of these weak passwords started out as default passwords—like routers set to “admin/admin” or phones using “1234.” People either never changed them or recycled them elsewhere.

So... What Now?

Still using the same password everywhere? Still relying on your pet’s name? It’s time to stop.

Here’s what you can do right now:

  • Use a password manager to create and remember complex passwords
  • Enable two-factor authentication (seriously—it’s your backup parachute)
  • Never reuse passwords across accounts
  • Change defaults as soon as you set up a new device

Because if there’s one thing this study proves, it’s that hackers aren’t the biggest problem—we are.

Need help tightening up your digital security? Managed Nerds can help you ditch weak passwords, protect your data, and sleep better at night.

Read more