The worst passwords of 2025: if you are using any of them, you could be a victim of the next cyberattack.

The most used passwords in 2025 are also the most vulnerable. Some can be hacked in less than a second.

A specialized site showed which passwords must be avoided because they are very common and easy to guess.

These are the most used passwords in 2025 (and the ones you should never keep using)

The most used passwords in 2025 reflect a worrying trend: millions of users worldwide continue to opt for predictable, weak, and extremely easy-to-hack combinations. In the midst of the artificial intelligence era, cyberattacks are faster and more effective, and insecure passwords are the first entry point for digital criminals.

A recent report from the specialized portal Comparitech, based on the analysis of over 2 billion leaked credentials on the dark web, reveals that passwords like “123456”, “admin”, and “password” continue to top the global list. And the most alarming part: many can be cracked by an attacker in less than a second.

The 20 most common passwords of 2025

The Comparitech ranking positions “123456” as the most used password in the world, found in 7,618,192 accounts analyzed. Other equally simple numeric combinations follow:

  • 12345678, used 3,676,487 times.
  • 123456789, in 2,866,100 accounts.
  • admin, found in nearly 2 million records.
  • password, the most obvious word, used 1,082,010 times.

Among the 20 most frequent, there are also variations like “111111”, “admin123”, “qwerty”, and “abc123”. In the hundredth position, a more curious one appears: “minecraft”, a password inspired by the famous video game, but equally vulnerable.

These data show a worrying reality: simple passwords continue to dominate the digital landscape, which poses a huge risk to users' privacy and security.

The 20 most used passwords in 2025 (Comparitech)

A weak password does not protect; on the contrary: it exposes you

The logic behind the use of such passwords is often convenience. They are easy to remember, quick to type, and universal. However, it is precisely those qualities that make them incredibly dangerous. Cybercriminals use automated techniques like brute force attacks, capable of testing millions of combinations per second until they find the correct one.

A technical report from Hive Systems, a firm specialized in cybersecurity, showed that some of the most commonly used passwords can be cracked in less than a second, while well-structured, secure ones can take centuries to compromise.

What makes a password weak

The Comparitech analysis identifies common patterns among the most used passwords:

  • Exclusively numeric combinations.
  • Common words in English (like “admin” or “password”).
  • Keyboard sequences (like “qwerty” or “asdfgh”).
  • Words linked to popular interests (like video games, sports, or celebrity names).
  • Passwords of only eight characters, which represent 18% of the total; only 7% reach 15 characters, a length considered more secure.
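
The patterns listed above can be screened for when a password is set. The following is an added example, not code from Comparitech or from this article; the denylist is a constructed sample containing only passwords the article names, and the 12-character minimum is the length the article recommends further down. A production check would load a much larger breached-password list.

```python
import re

# Constructed sample denylist: only passwords named in the article.
COMMON = {"123456", "12345678", "123456789", "admin", "password",
          "111111", "admin123", "qwerty", "abc123", "minecraft"}

# Keyboard rows used to spot runs such as "qwerty" or "asdfgh".
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")


def has_keyboard_run(pw, min_run=4):
    """True if pw contains min_run adjacent keys of one row, in either direction."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - min_run + 1):
                if seq[i:i + min_run] in low:
                    return True
    return False


def weak_reasons(pw, min_len=12):
    """Return the weak patterns found in pw; an empty list means none matched."""
    low = pw.lower()
    reasons = []
    if len(pw) < min_len:
        reasons.append("too_short")
    if pw.isdigit():
        reasons.append("numeric_only")
    if low in COMMON:
        reasons.append("common_password")
    # Strip trailing digits/symbols so "password2025!" is still caught.
    stem = re.sub(r"[^a-z]+$", "", low)
    if stem != low and stem in COMMON:
        reasons.append("common_word_with_suffix")
    if has_keyboard_run(pw):
        reasons.append("keyboard_sequence")
    if pw and len(set(pw)) == 1:
        reasons.append("single_repeated_char")
    return reasons
```
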

Moreover, many people reuse the same password across multiple services, meaning that if one site is breached, all others are at risk as well.

How can account security be improved?

Although passwords remain one of the main security barriers on the internet, experts agree that they are no longer sufficient on their own. The current recommendation is to combine them with an extra layer of security, such as two-factor authentication (2FA). This means that even if the password is stolen, an additional code (sent to the mobile or generated by an app) will be needed to access the account.

This is how the system that will replace passwords works

In parallel, the use of a new, more secure authentication standard is being promoted: passkeys. These access keys use biometric methods (fingerprint, facial recognition) or a local PIN to validate the user's identity. They are based on the FIDO2 (Fast IDentity Online) protocol, developed to replace traditional passwords with a more robust system that is practically invulnerable to leaks.

Passkeys work by generating a unique cryptographic key: the public part is stored on the website, while the private part remains stored locally on the user's device. This means that even if a website suffers an attack, hackers will not be able to access the actual access keys.

What to avoid in a password

For those who still use conventional passwords, experts recommend applying certain basic security practices:

  • Avoid short passwords: ideally, they should have at least 12 characters.
  • Do not use personal information: names, birth dates, or phone numbers are too easy to guess.
  • Combine uppercase and lowercase letters, numbers, and symbols.
  • Do not repeat passwords across different accounts.
  • Regularly change the most sensitive passwords, such as those for online banking, email, or social media.

If remembering multiple complex passwords is challenging, a good solution is to use a reliable password manager, which stores all passwords in a secure vault and autofills them when needed.

Passwords remain popular, but they need to change

Despite the rise of more modern systems like passkeys, the reality is that traditional passwords continue to be the most used method in the digital world. Therefore, improving their quality is more urgent than ever. Using predictable combinations like “123456” or “admin” is equivalent to leaving the door open on the internet.

Moreover, it is important to educate the younger generation, as many weak passwords are linked to teenage interests like video games or social media. Fostering a safe digital culture from an early age can make a significant difference in the long run.

How secure is your current password?

A simple way to check if a password has been leaked in any security breach is to visit platforms like Have I Been Pwned, where you can enter a password (securely) and verify if it has been compromised in any public data leak.

If so, the most advisable action is to change it immediately and update it across all services where it has been used.
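
Have I Been Pwned's Pwned Passwords service can be queried without sending the password itself: the client hashes it with SHA-1, sends only the first five hex characters, and compares the returned suffixes locally. The following added example (not code from the article or from Have I Been Pwned) shows both sides of that exchange offline; the server function and its small corpus are constructed stand-ins, with counts taken from the figures quoted in this article.

```python
import hashlib
import hmac


def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_hash(password):
    """Return (prefix, suffix); only the 5-character prefix leaves the client."""
    digest = sha1_hex(password)
    return digest[:5], digest[5:]


# Constructed stand-in for the remote breach corpus (password -> times seen).
CONSTRUCTED_CORPUS = {"123456": 7618192, "12345678": 3676487, "password": 1082010}


def simulated_range_response(prefix):
    """Server side (simulated): 'SUFFIX:COUNT' lines for hashes sharing the prefix.

    A real client would instead GET https://api.pwnedpasswords.com/range/<prefix>.
    """
    lines = []
    for pw, count in CONSTRUCTED_CORPUS.items():
        digest = sha1_hex(pw)
        if digest.startswith(prefix):
            lines.append(f"{digest[5:]}:{count}")
    return "\r\n".join(lines)


def breach_count(password, fetch_range=simulated_range_response):
    """Client side: find our suffix in the returned range; 0 means not listed."""
    prefix, suffix = split_hash(password)
    for line in fetch_range(prefix).splitlines():
        candidate, _, count = line.partition(":")
        if hmac.compare_digest(candidate.strip().upper(), suffix):
            return int(count)
    return 0
```

To query the live service, pass a `fetch_range` function that performs the HTTPS request and returns the response body as text.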

Cybersecurity in the age of AI: the basics are no longer enough

With the advancement of artificial intelligence and automated hacking methods, protecting an account with a simple password is no longer a secure option. Now more than ever, awareness, tools, and habit changes are needed to protect digital identity.

Because, although it may seem exaggerated, a weak password can be the start of a great loss: access to bank accounts, identity theft, leakage of private photos, or even massive scams.

In cybersecurity, the easy way is dangerous.

Life in Positiva Newsroom