• Source:JND
Add as a preferred

Common passwords 2025: In yet another reminder of how predictable user behaviour continues to aid cybercriminals, a new global study has found that the world's most commonly used passwords in 2025 remain shockingly simple. According to UK-based cybersecurity research firm Comparitech, millions of users still use passwords like '123456', 'admin', 'password', and 'India@123', leaving their online accounts dangerously exposed to hacking.

Researchers analyzed more than 2 billion compromised accounts found on data breach forums this year alone. They found that weak and repetitive passwords still dominate, despite repeated warnings by cybersecurity agencies and tech firms themselves.

‘123456’ Tops List, Used By Over 76 Lakh People

According to the report, ‘123456’ emerged as the most used password of 2025. More than 7.6 million people across the world were found using it, while ‘admin’ and ‘password’ featured in the top five. The password ‘India@123’ ranked 53rd on the list of 100 most-used passwords across the globe, which goes on to prove that such generic country-based passwords are still extremely popular among Indian users.

The top 10 common passwords for 2025 are:

1. 123456

2. 12345678

3. 123456789

4. admin

5. 1234

6. Aa123456

7. 12345

8. password

9. 123

10. 1234567890

Experts noted that nearly one in every four passwords was all numbers, and almost 38% contained the sequence ‘123’, with the result that they could easily be guessed by brute-force or automated hacking tools.

‘Human Laziness’ Behind Weak Passwords

The researchers at Comparitech say that "human laziness" is still one of the greatest causes of bad password behavior. Many people reuse very simple passwords across multiple platforms, prioritizing convenience over security. This, warned the report, makes it "as easy as ABC and 123" for hackers to gain unauthorized access.

Interestingly, the report came just weeks after a shocking revelation from France, where it was revealed that the core security system of the Louvre Museum had been protected by the easily-guessed password "LOUVRE." It was France's National Cybersecurity Agency, ANSSI, that discovered this while probing a daylight robbery at the museum last month involving Rs 900 crore.

Tech giants like Google and Microsoft have been encouraging users to shift away from password-based logins. Phishing and credential theft, according to Google, are now responsible for nearly 37 per cent of all cyber intrusions, driven by reused or leaked passwords. At the same time, Microsoft is actively encouraging users to adopt passwordless authentication methods, including hardware security keys and biometric logins, to minimize password theft.

ALSO READ: Did ChatGPT Cause Suicides And Mental Harm? Families Sue OpenAI, Claims Report

How To Create Strong Password

According to America’s Cyber Security Defense Agency, First, make your passwords long; a good password needs to be at least twelve to sixteen characters, since the longer a combination is, the more exponentially hard it is to crack.

The second rule is to make them random. Don't use anything predictable, like your name, birth date, or the word “password.” As an example, the password cXmnZK65rf&DaaD* or Yuc8$RikA34%ZoPPao98t is way stronger than some simple word or sequence of numbers. And the third rule, perhaps most overlooked, is to make every password unique. Reusing passwords across accounts is one of the largest mistakes made by users. Each account should have its own separate password so that if one is compromised, others remain protected.

ALSO READ: AI Deathbots Are Letting People ‘Speak’ To Dead? Researchers Expose Truth Behind ‘Digital Afterlife’

As cyber threats continue to rise globally, the study serves as a stark reminder that, in the digital age, security begins with smarter passwords.

Also In News