
Research: Millions of people still use passwords like 123456

The study shows that millions of users choose strong passwords without even thinking about security.

Insufficient Security Online


Despite constant threats to cybersecurity, most users continue to use passwords that can be cracked in seconds.


According to a new large-scale study by Comparitech, which analyzed over 2 billion real credentials leaked in 2025, the top three most common passwords remain as primitive as ever: '123456', 'admin' and 'password'.



Dangerous Combinations


This analysis shows that a critically large number of users ignore basic digital security rules.



  • Digit Combinations: A quarter of the 1000 most common passwords consist only of digits. Almost 40% of them contain the sequence '123', and 2% contain '321'.

  • Common Words: About 4% of all popular passwords include variations of the words 'pass' or 'password', and 2.7% include 'admin'.


Passwords '123' and '1234' rank ninth and fifth respectively. Even such a simple repetition as '111111' is the 18th most popular.



Expert Recommendations


The most popular password, '123456', was found in the database 7.6 million times. Even such a specific password as 'India@123' turned out to be the 53rd most popular.


Experts recommend using passwords of at least 12 characters in length, as this significantly complicates cracking them using brute-force methods.



  • Length: Use passwords that are at least 12 characters long.

  • Complexity: Combine uppercase and lowercase letters, numbers, and special characters.

  • Uniqueness: Each password should be unique for each service. This will protect against attacks where a compromised password is used to log into other accounts.

  • Two-factor Authentication: Always enable two-factor authentication (2FA), which is the best protection against unauthorized access, even if your password has been compromised.
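
As an added illustration (not code from Comparitech or from this article), the following Python password screen applies the recommendations above at sign-up and rejects the patterns the study reports. The function name, the reason labels and the small leetspeak map are assumptions made for the example.

```python
import re

MIN_LENGTH = 12  # minimum length recommended in the article
# Passwords the article names from the study's ranking
NAMED_IN_STUDY = {"123456", "admin", "password", "123", "1234", "111111", "India@123"}
# Fragments the article reports inside many of the most common passwords
WEAK_FRAGMENTS = ("123", "321", "pass", "admin")
# Assumption: a small leetspeak map so 'p@ssw0rd' is read as 'password'
LEET = str.maketrans("@40$5317", "aaosseit")


def screen_password(pw: str) -> list[str]:
    """Return the reasons a candidate password is rejected (empty list = accepted)."""
    reasons = []
    if len(pw) < MIN_LENGTH:
        reasons.append("too_short")
    if pw in NAMED_IN_STUDY:
        reasons.append("named_in_study")
    if pw.isdigit():
        reasons.append("digits_only")
    if len(pw) > 1 and len(set(pw)) == 1:
        reasons.append("single_repeated_char")
    # Check fragments against the raw and the de-leeted lowercase form
    lowered = pw.lower()
    forms = (lowered, lowered.translate(LEET))
    for frag in WEAK_FRAGMENTS:
        if any(frag in form for form in forms):
            reasons.append(f"contains:{frag}")
    # Complexity rule: upper, lower, digit and special character all present
    classes = (r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]")
    if not all(re.search(c, pw) for c in classes):
        reasons.append("missing_character_class")
    return reasons


if __name__ == "__main__":
    # Constructed sample candidates; the first two are named in the article
    for candidate in ("123456", "India@123", "P@ssw0rd2025!xy", "Violet-Kettle-47-Orbit"):
        print(f"{candidate!r}: {screen_password(candidate) or 'accepted'}")
```

'India@123' satisfies the complexity rule on its own, yet the screen still rejects it for its length and the '123' sequence, which is why the recommendations are applied together rather than individually.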



The research showed that many users ignore basic rules for creating strong passwords. Experts recommend using complex combinations, unique passwords for each service, and always enabling two-factor authentication to protect information from breaches.