Most Common Passwords of 2025: ‘123456,’ ‘Admin,’ and ‘India@123’ Among Easily Hacked Accounts

Most Common Passwords of 2025: ‘123456,’ ‘Admin,’ and ‘India@123’ Among Easily Hacked Accounts

Most Common Passwords of 2025: ‘123456,’ ‘Admin,’ and ‘India@123’ Among Easily Hacked Accounts

Share This News

Despite years of cybersecurity campaigns and countless warnings, millions of internet users continue to use weak and predictable passwords. A new global study by Comparitech has revealed that simple combinations like “123456,” “admin,” and “password” remain alarmingly popular in 2025, exposing countless accounts to easy hacks.

Researchers analyzed over 2 billion leaked credentials collected throughout 2025 from online forums, hacking groups, and data breach repositories. After removing duplicates and verifying authenticity, the team compiled a list of the most frequently used passwords. The results once again highlight a troubling trend: people consistently prioritize convenience over security.

The most commonly used passwords of 2025 are depressingly familiar:

IMG-20251219-WA0036
  • 123456 – used in over 7.6 million accounts
  • 12345678 – 3.6 million accounts
  • 123456789 – 2.8 million accounts
  • admin – nearly 2 million accounts
  • 1234 – 1.7 million accounts
  • Aa123456 – 1.4 million accounts
  • 12345 – 1.3 million accounts
  • password – just over 1 million accounts
  • 123 – 959,741 accounts
  • 1234567890 – 674,200 accounts

Other frequent choices include 1234567, 111111, Pass@123, P@ssw0rd, admin123, and 1111.

The report shows that numeric patterns dominate weak passwords, with nearly 39% of the top 1,000 containing the sequence “123” and around 2% using “321” in reverse order. Alphabetical sequences are just as vulnerable, with 3.1% including “abc.” Repetition is also common—“111111” ranks 18th, and even strings like “********” appear in the top 50.

Predictable words such as “password,” “admin,” and “qwerty” still rank high. According to the study, 3.9% of the top 1,000 passwords contain some form of “pass,” 2.7% include “admin,” and 1.6% feature “qwerty.” Even “welcome” appears in 1% of all analyzed cases, showing that users continue to underestimate password risks.

Close up on a password input field on a surface with binary numbers, a blueprint schematics and two padlocks on each side.

Interestingly, gaming and region-specific passwords have entered the mix. “Minecraft” appears nearly 70,000 times, ranking as the 100th most-used password, with another 20,000 variations using different capitalization. One standout entry, “India@123,” ranks 53rd, showing how local influences are creeping into global password trends.

Another key concern is password length. Experts recommend at least 12 characters for strong protection, yet 65.8% of passwords analyzed were shorter than that. Around 7% were under eight characters, and only 3.2% exceeded sixteen. Some of the most used passwords are extremely short—“123” (three characters) and “1234” (four characters)—making them easy prey for automated hacking tools.

Cybersecurity experts warn that weak passwords can be cracked in seconds using modern software. In contrast, long, complex passwords combining uppercase and lowercase letters, numbers, and special characters are far more resilient. They also emphasize the importance of using unique passwords for each account and enabling two-factor authentication (2FA) for added protection.

Comparitech’s study gathered leaked credentials from Telegram channels, dark web sources, and other data leak repositories. The data was carefully verified for accuracy and anonymized to protect personal information. Password rankings were then determined based on how frequently each one appeared in the dataset.

The findings reinforce a worrying truth: users still underestimate how easy it is for hackers to exploit predictable passwords. In an era of advanced hacking tools, relying on “123456” or “admin” is practically an open invitation for cybercriminals.

Experts urge users to adopt stronger, longer passwords and avoid predictable patterns. Simple sequences, common words, and reused credentials are no longer enough to protect personal data in today’s threat landscape.

Disclaimer: This article is for general awareness purposes only. Readers are encouraged to use secure password management tools, create complex passwords, and enable two-factor authentication to protect their accounts.

IMG-20250820-WA0009