“123456,” “admin,” and “password” are the passwords most often chosen by users to protect access to their accounts on digital services, but they are easy to guess, putting the security of your account at risk.
Specialist portal Comparitech has compiled the 100 most used passwords of 2025. This table was created by checking the aggregate data of more than 2 billion account credentials that have been leaked through criminal channels, updated to date this year.
In that classification, “123456” appears as the most used password in the 7,618,192 accounts analyzed specifically. Next, “12345678” exists in 3,676,487 accounts and “123456789” exists in 2,866,100 accounts.
Next is the “admin” password, which protects 1,987,808 accounts. “password” (1,082,010), “111111” (326,154), and “admin123” (306,343) are examples of the 20 most frequently used weak passwords. The bottom 100 is “minecraft” (69,464).
This classification reveals the use of weak passwords. Passwords are not a problem for cybercriminals because they are easy to guess. One category, containing only numbers, accounts for a quarter of the 1,000 most common passwords, according to the specialized portal.
It’s also common to use common, easy-to-remember words such as “admin,” “qwerty” (according to the order of the keys on your keyboard), and “password.” By length, the most common password length is 8 characters (18%), while only 7% are 15 characters long.
Secure password recommendations
Currently, passwords are not considered an effective safeguard, and it is recommended that passwords be supplemented with a second factor to prevent password theft from gaining access to a victim’s account: a one-time code or mobile authorization.
As an alternative, the use of access codes or “passkeys”, which require users to simply authenticate with their face, fingerprint, or PIN code, is being promoted. These are based on the Fast IDentity Online 2 (FIDO2) standard, which uses encryption keys to secure logins.
This key is public on your website and private on your saved user accounts (such as your Microsoft account or Google account). This means that even if your website suffers a security breach, your account will still be safe.
Still, passwords remain extremely popular, so it’s worth remembering that they must be strong in order to do their job. To do this, you should avoid anything that is very short, easily guessable, such as those included in Comparitech’s classification, and anything that contains personal information.
We recommend a minimum length of 8 characters (the longer the better), proper uppercase and lowercase letters, numbers and symbols, and uniqueness per account. If you have trouble remembering them, it’s best to use a password manager where you can save your passwords and change them as needed.
About The Author
