Using the most common passwords exposes you to major threats on the internet, including having your accounts hacked and your identity stolen. Unfortunately, many people unknowingly use weak, easily guessed passwords, leaving their accounts vulnerable to hackers and fraudsters.
This guide covers some of the most common passwords and provides tips on fixing weak passwords and creating strong alternatives. I’ll also highlight the importance of using a reliable password manager to enhance your online security. Do you use one of the most common passwords?
The Top Password Managers for Saving Strong, Unique Passwords
- NordPass – Overall best password manager for storing strong passwords
- 1Password – Best password manager for securely sharing passwords
- Total Password – Best browser password manager for generating strong passwords
The Dangers of Using a Common Password
Hackers use sophisticated tools and strategies to crack weak passwords. This can include taking tranches of hashed passwords exposed in data breaches, running common passwords through the same hashing process, and identifying which logins from the data breach match. These dictionary-style brute-force attacks are able to reveal a shockingly large percentage of passwords.
Having access to your login details can give hackers access to:
- Personal information – Your email, social media accounts, and other online profiles may contain sensitive data like your address, phone number, and your birthdate. Hackers can use this information for identity theft and phishing attacks.
- Financial data – If hackers gain access to your banking or online shopping accounts, they can drain your funds, make fraudulent purchases in your name, and take out loans and credit cards.
- Online reputation – Compromised social media and email accounts can be used to spread misinformation, send spam, and damage your relationships.
- Digital devices – In some cases, hackers can exploit easy-to-guess passwords to gain access to your devices, leading to data loss, malware infections, and even hardware hijacking.
Beyond these direct consequences, having your accounts hacked and dealing with the issue can be financially draining, time-consuming, and extremely stressful.
I strongly recommend protecting yourself from these dangers by prioritizing strong password security. The best way to do this is with a password manager like NordPass, which makes it easy to store strong, unique passwords and easily access and share them.
The Most Common Passwords – The Weakest Passwords in 2025
Many people opt for convenience over security and use alarmingly common and weak passwords. In its sixth annual survey, password manager provider NordPass analyzed more than 2.5TB of password data from publicly available sources to rank the most commonly used passwords across 44 countries.
Based on their findings, here are the top 20 worst passwords you can use:
- 123456 – This is the most common password around, and it tops the list year after year due to its simplicity. It’s arguably the world’s worst password and was counted over 3 million times in the dataset, nearly twice as many times as the second item on the list.
- 123456789 – A slight expansion on the top choice, but one that’s still easily cracked – and which doesn’t include letters or symbols.
- 12345678 – Predictably, cutting a digit doesn’t offer any more security.
- password – The word “password” is a terrible choice for a password and is often the system default.
- qwerty123 – Typing out the top row of letters on a qwerty keyboard is a very predictable sequence, and adding an obvious numerical sequence doesn’t help much.
- qwerty1 – If anything, adding fewer digits makes this password even less secure.
- 111111 – Repeating characters makes passwords weak, and this is about as weak as you can get.
- 12345 – This is another extremely short and basic numerical sequence.
- secret – This password might seem clever, but it’s been thought of before. It’s also the most popular password in the United States.
- 123123 – Simple repeating patterns are easily guessed, and this one is very basic.
- 1234567890 – This is another numerical sequence that’s both predictable and easy to type.
- 1234567 – This simple sequence won’t provide much protection for your account.
- 000000 – I’d advise never creating a password that simply repeats one character, however long.
- qwerty – Given that this password doesn’t even include numbers, it’s very weak.
- abc123 – If anything, this password might be simple enough for a small child to guess.
- password1 – Adding a single digit to a common term doesn’t make for a strong password, unfortunately.
- iloveyou – While the message might be sincere, it’s a very common sentiment.
- 11111111 – This password is eight characters long, but it’s still very weak.
- dragon – Whether people were inspired by 2024, the Year of the Dragon, or their favorite TV show, this common term makes for a weak password.
- monkey – Similarly, it seems like a lot of people simply love monkeys.
Other common passwords seen in previous years include:
- Default password settings, such as Password, root, and admin.
- Minor variations on defaults, like admin123 and P@ssw0rd.
- Simple numerical strings, often including repetition, like 123123123, 00000000, 1234, 123, 12345678910, and 1111.
- Very simple sequences of numbers and letters, like a123456 and Aa123456.
Important Takeaways from the Most Popular Passwords
- Predictable patterns, regardless of length, are easily cracked.
- Personal information like names, birthdays, or addresses is vulnerable.
- Reusing passwords across multiple accounts is a huge security risk.
Ready to learn how to create better passwords? Let’s move on to password security best practices.
How To Ensure You Never Get Caught Out Online with Weak Passwords
Hackers routinely test lists of the 10,000 most common passwords against database breaches, so it’s essential to change your password if it appears on a most common passwords list.
Creating secure passwords and managing them effectively is essential for your online safety, and good password habits begin with password creation. I recommend following these best practices:
Password Checklist
- Length is key – Aim for a minimum of ten characters, but keep in mind that longer is always better and will make your password far harder to crack than the most common 6-digit passwords.
- Mix it up – Combine uppercase letters, lowercase letters, numbers, and special characters, such as @, #, $, and %, to make a more random password. None of the entries on the common password list above use any special characters.
- Avoid the obvious – Never use your name, birthdate, address, pet’s name, or other easily obtained personal information.
- No dictionary words – Hackers use software that checks against common dictionary words – and single words are easy to crack.
- Uniqueness is essential – Make sure to use unique, complex passwords for your most important online accounts. Otherwise, one cracked password could unlock all your accounts.
- Embrace randomness – Most good password managers include password generators that can create complex, unique, and truly random passwords. These will be harder to guess and more secure than passwords you make up on your own.
- Change them regularly – You should update your passwords every few months, especially for critical logins like your banking and email accounts.
- Don’t use the same passwords across devices – Many of the most popular passwords overlap with the most common phone passwords. Don’t use simple numerical strings just to avoid remembering another login, as doing so exposes your accounts to serious risks.
- Don’t share your passwords via non-secure channels – Sharing your passwords with others adds significant risks, from potential loss of ownership to unwanted privacy breaches. If you really need to, here’s our guide to how to share a password safely.
Here’s an example of creating a strong password. Let’s use the passphrase, “I ate pizza with David in 1990.”
- Abbreviate – IapwDi1990
- Add symbols – Iap$$wDi1990!
- Mix case – IaP$$WdI1990!
This password is long, complex, and unrelated to your personal information.
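The checklist above can be turned into an automatic check, for example at sign-up or when auditing your own passwords. The following is an added example, not code from NordPass or the original guide: it tests a candidate against the passwords quoted on this page, against minor variations such as P@ssw0rd, and against the length, character-mix and pattern rules. The function name, the substitution table and the list of keyboard rows are assumptions made for the illustration.

```python
import re

# Passwords quoted on this page (top-20 list plus the earlier-year examples), lower-cased.
COMMON = {
    "123456", "123456789", "12345678", "password", "qwerty123", "qwerty1",
    "111111", "12345", "secret", "123123", "1234567890", "1234567", "000000",
    "qwerty", "abc123", "password1", "iloveyou", "11111111", "dragon", "monkey",
    "root", "admin", "admin123", "a123456", "aa123456",
}
# Assumption: a small substitution table to undo "P@ssw0rd"-style variations.
LEET = str.maketrans({"@": "a", "0": "o", "1": "i", "3": "e", "$": "s"})
# Assumption: counting, alphabet and keyboard rows treated as predictable runs.
RUNS = ("0123456789", "abcdefghijklmnopqrstuvwxyz", "qwertyuiop", "asdfghjkl", "zxcvbnm")
CLASSES = (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")


def audit(pw):
    """Return the checklist items a candidate password fails (empty list = passes)."""
    low = pw.lower()
    # Drop trailing digits/symbols, then undo substitutions: "Password2025!" -> "password".
    base = re.sub(r"[\d\W_]+$", "", low).translate(LEET)
    problems = []
    if len(pw) < 10:
        problems.append("shorter than 10 characters")
    if not all(re.search(c, pw) for c in CLASSES):
        problems.append("does not mix upper, lower, digits and symbols")
    if low in COMMON or base in COMMON:
        problems.append("common password or a minor variation of one")
    if re.fullmatch(r"(.+?)\1+", pw):  # "111111", "123123", "123123123"
        problems.append("repeats one character or short pattern")
    # Any 5-character window lying on a run: "12345", "qwert", "67890".
    if any(low[i:i + 5] in run * 2 for i in range(len(low) - 4) for run in RUNS):
        problems.append("contains a keyboard or counting sequence")
    return problems


if __name__ == "__main__":
    # Sample candidates: the first four appear on the page, the last is constructed.
    for candidate in ("123456", "P@ssw0rd", "123123123", "IaP$$WdI1990!", "Password2025!"):
        print(f"{candidate!r}: {audit(candidate) or 'passes the checklist'}")
```

Passing these checks only rules out the weaknesses listed on this page; it does not measure how random a password is, which is why a generated password from a password manager remains the safer choice.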
The tips above will help you create a secure password, but I also recommend taking the following steps to further secure your accounts:
- Use a Password Manager – These tools offer a secure vault to store all your passwords while keeping them easily accessible. They can generate strong, unique passwords for each site and autofill them when you log in, and you only need to remember your master password. I recommend NordPass as the best provider on the market.
- Consider Using Passphrases – Instead of a single word, create a memorable phrase or sentence, then turn it into a password. For example, “My favorite place to ski is Aviemore!” might become “MfptsiA!”
- Use Two-Factor Authentication (2FA) – Whenever possible, enable 2FA or MFA. It adds an extra layer of protection, usually requiring you to enter a code sent to your phone or generated by an app and used in conjunction with your password. See our guide to how to set up and use Google Authenticator for more information.
Summary – Avoiding the Most Common Passwords and Weak Security
Passwords are your first line of defense for your accounts and your data. By understanding the dangers of using weak passwords and implementing good security practices, you can significantly reduce your exposure to cyberattacks.
I strongly recommend using a password manager like NordPass, regularly updating your passwords, and making sure to take advantage of two-factor authentication. Most importantly, you should protect your online identity and assets by creating strong, unique passwords for all your accounts and storing them securely.