© Voronoi 2026. All rights reserved.

Despite years of warnings, billions of leaked credentials from 2025 reveal users are still clinging to weak passwords.
Researchers at Comparitech analyzed more than two billion exposed passwords from data breaches shared across forums and Telegram. The findings show the same tired combinations topping the charts once again.
Even minor variations like “Pass@123”, “P@ssw0rd”, or “Aa123456” ranked highly, showing users still value convenience over protection. The term “minecraft” surfaced nearly 90,000 times, while region-specific entries like “India@123” also made the list.
The data exposes a stubborn pattern:
Short, predictable strings make brute-force cracking almost instant. A 12-character password mixing letters, numbers, and symbols could take billions of years to break—yet only 3% of users go that far.
The real problem? Recycling. People reuse old passwords across multiple accounts, fueling credential-stuffing attacks that can compromise entire networks.
Experts urge stronger habits: use unique, randomly generated passwords of at least 12–16 characters, and enable two-factor authentication.
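As an added illustration (not part of the original article or Comparitech's analysis), the sketch below shows why variants such as “P@ssw0rd” or “Pass@123” offer no more protection than their base word, and how a password of the recommended kind can be generated. The base-word list, the substitution map, and the function names `screen` and `generate` are assumptions made for this example.

```python
import re
import secrets
import string
from typing import Optional

MIN_LENGTH = 12  # lower bound of the 12-16 characters recommended above

# Constructed denylist: base words behind the passwords the article names.
COMMON_BASES = {"password", "pass", "minecraft", "india"}

# Assumed map of common character swaps, undone before comparison.
LEET = str.maketrans({"@": "a", "0": "o", "1": "l", "3": "e", "$": "s", "5": "s"})

ALPHABET = string.ascii_letters + string.digits + string.punctuation


def screen(password: str) -> Optional[str]:
    """Return a rejection reason, or None if the password passes."""
    # Drop the trailing run of digits/symbols ("@123", "123456"), then undo swaps.
    core = re.sub(r"[^a-z]+$", "", password.lower()).translate(LEET)
    if len(core) < 4:
        return "mostly digits or symbols"
    if core in COMMON_BASES:
        return "variant of a common password"
    if len(password) < MIN_LENGTH:
        return "too short"
    return None


def generate(length: int = 16) -> str:
    """Build a random password from a CSPRNG that also passes screen()."""
    if length < MIN_LENGTH:
        raise ValueError("length must be at least %d" % MIN_LENGTH)
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if screen(candidate) is None:
            return candidate


if __name__ == "__main__":
    for pw in ["Pass@123", "P@ssw0rd", "Aa123456", "India@123", "Password@12345"]:
        print(pw, "->", screen(pw))
    print("generated ->", screen(generate()))
```

Note that “Password@12345” is 14 characters long and mixes character classes, yet it is still rejected: length only helps when the string is not built on a predictable base.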
Until users adopt the cybersecurity basics, familiar strings like “123456” and “password” will keep topping the world’s weakest passwords list.