Leeds, (Zahid Mirza) As 2025 draws to a close, cybersecurity experts warn that millions of internet users still rely on extremely weak passwords. A new report released by password-manager company NordPass reveals the year’s most commonly used — and most vulnerable — passwords.

According to the report, which analyzed leaked and dark-web data from September 2024 to September 2025, the password “123456” remains the most widely used globally. This marks the sixth time in seven years that it has topped the list. The second and third most common passwords were “admin” and “12345678” respectively.

Other frequently used passwords included 123456789, 1235, password, Aa123456, 1234567890, Pass@123, and admin123, all of which pose serious security risks due to their simplicity.

The report also examined password habits across generations.

Generation Z (1996–2010) mostly used numeric passwords like 12345, 123456, and 12345678.

Millennials (1981–1996) favored 123456, 1234qwer, and 123456789.

Generation X (1965–1980) also relied heavily on simple combinations such as 123456 and 123456789.

Cybersecurity specialists emphasize that every online account should have a unique, complex password to prevent hacking attempts. While technology companies are developing more secure, password-free login systems, widespread availability of these alternatives is still some time away.