People tend to opt for passwords they can easily remember, thereby prioritising convenience over the security of their personal data. This, therefore, gives hackers the ability to monitor password trends and breach their data.
A recent report by NordPass, a password manager platform, titled “Top 200 Most Common Passwords”, revealed that “123456” is the most used password globally, generating usage by 21.6 million people. The report covered over 40 countries, spanning the period between September 2024 and September 2025.
In addition, the findings in the report showed that people often use first names or a surname alongside some numbers, such as “promise123” or “Joan89.” It noted that passwords like this are easily exposed, as hackers are aware of this common trend among internet users
“In each country, the most common first names and surnames often appear in passwords, proving that geography and culture play a significant role in shaping common — yet vulnerable — security practices,” it added.
In its methodology, the report analysed recent public data breaches and dark web repositories from September 2024 to September 2025.
The table below shows the top 10 most-used passwords in the world
| Rank | Passwords | Counts |
| 1. | 123456 | 21.6 million |
| 2. | admin | 21.03 million |
| 3. | 12345678 | 8.3 million |
| 4. | 123456789 | 5.7 million |
| 5. | 12345 | 4 million |
| 6. | password | 3.5 million |
| 7. | Aa123456 | 2.5 million |
| 8. | 1234567890 | 1.4 million |
| 9. | Pass@123 | 1.2 million |
| 10. | admin123 | 1.1 million |
Also Read: Nigeria has suffered 23 million email account breaches since 2004 – report.
Inter-generational breakdown
While the world continues to evolve with generational shifts from “Generation X” to “Millennials” and then “Generation Z,” the use of simple passwords remains the same.
The report explained that while “Generation Z” are more exposed and perceived to be cybersecurity aware. The report tagged this as a “misconception,” with claims that they have a similar habit of using simple passwords as older generations.
“The password habits of an 18-year-old are strikingly similar to those of an 80-year-old. Where we expected discerning differences, we actually faced a striking uniformity in vulnerabilities. ‘12345’ and ‘123456’ emerged as the top password choices in every age group, ” it said.
Generations are classified as follows:
- Generation Z (1997-2007)
- Millennials (1981-1996)
- Generation X (1965-1980)
- Baby boomers (1946-1964)
- Silent generation (born before 1946)
The table below shows the top 10 most used passwords in each generation
| Passwords | |||||
| Rank | Generation Z | Milennials | Generation X | Baby boomers | Silent Gen |
| 1. | 12345 | 123456 | 123456 | 123456 | 12345 |
| 2. | 123456 | 1234qwer | 123456789 | 123456789 | 123456 |
| 3. | 12345678 | 123456789 | 12345 | 12345 | susana |
| 4. | 123456789 | 12345678 | veronica | maria | marta |
| 5. | passsword | 12345 | lorena | Contrasena | margarita |
| 6. | 1234567890 | 1234567890 | 12345678 | susana | Contrasena |
| 7. | skibidi | password | 1234567 | silvia | 123456789 |
| 8. | 1234567 | 1234567 | valentina | graciela | 12345678 |
| 9. | pakistan123 | Contrasena | teckiss | monica | virginia |
| 10. | assword | mustufaj | follar | claudia | rodolfo |
Password safety tips
Despite efforts to educate users about cybersecurity through awareness campaigns, the report shows little improvement in widespread password management and security consciousness.
While breach cases continue to rise, the following tips, as outlined in the report, can be used to protect personal data against cyberattacks.
(1.) Use strong passwords and passphrases: A strong password should contain at least eight characters with a mix of uppercase and lowercase letters, numbers, and special symbols.
The use of sequences of words known as passphrases is also encouraged. Passphrases are hard for hackers to guess but easy for users to remember. For instance, “Il0v3Nig3ria!”
(2.) Keep all passwords unique: Using unique passwords for all accounts ensures that even if one of them is breached, the rest will remain secure.
(3.) The use of a password manager: This helps to generate, store, and manage all passwords, ensuring that they’re securely protected and always within a user’s reach. Commonly used password manager apps are Bitwarden, Dashlane, Keeper, and NordPass.
(4.) Enable multi-factor authentication: Switching on multi-factor authentication (MFA) adds an extra layer of security to an account. Each time a user logs in, they will need to verify their identity, making it difficult for cybercriminals to access accounts.
Notably, the use of Passkey has been considered another reliable way for users to keep their accounts protected. It utilises a device’s built-in features, such as a fingerprint, face scan, PIN, or pattern, to authenticate users without needing to remember passwords.
