
Seven years since our first top 200 common passwords list, we’ve witnessed how credential trends have changed — and what has remained the same. Each year, we rediscover people’s tendency to opt for weak passwords that prioritize convenience over security.

However, this year, we decided to ask ourselves: How do different generations treat their password use? From the silent generation to the “zoomers,” we analyzed which passwords are the most common among different user groups. As it turns out, bad password habits are trendy no matter how old you are.

top 38 comments
[-] HubertManne@piefed.social 3 points 6 days ago

Decided to click on some countries and I'm pretty sure some of Ireland's ones are for TV shows.

[-] Sibbo@sopuli.xyz 26 points 1 week ago

Always make sure to pick a popular password people, you don't want your hacker to think you are a special snowflake.

[-] smeg@feddit.uk 13 points 1 week ago

Can't run the risk of being fingerprinted, privacy and anonymity first!

[-] rekabis@lemmy.ca 18 points 1 week ago* (last edited 1 week ago)

Am I unreasonably disappointed to not find “Correct Horse Battery Staple” - or some variation thereof - in that list?

[-] ZoteTheMighty@lemmy.zip 17 points 1 week ago

P@ssw0rd is ahead of Password. Times they are a changin

[-] echodot@feddit.uk 8 points 1 week ago

It'll just be that a lot of password systems insist on a number and a special character.

[-] akwd169@lemmy.sdf.org 6 points 1 week ago

Most places force you to put a number and a special character in there now; the number of places you can get away with just a word for a password is dwindling.

[-] purplemonkeymad@programming.dev 5 points 1 week ago

I know a couple of people who think they are clever for these kinds of substitutions, I can probably use this fact on them. Not sure they will change their ways after, they kinda oppose any change.
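The sub-thread above notes that composition rules push people to "P@ssw0rd" rather than to a stronger password. The sketch below is an added example, not part of the thread or the report: it compares a typical composition rule with a denylist check that first undoes look-alike substitutions. The denylist is a constructed sample of passwords quoted on this page, and all function names are hypothetical.

```python
import re

# Constructed sample denylist (entries quoted in this thread); a real
# deployment would load a full breached-password list instead.
COMMON = {"password", "123456", "12345", "12345678", "admin", "qwerty"}

# Look-alike substitutions mapped back to the letters they stand in for.
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l", "!": "i",
                      "3": "e", "$": "s", "5": "s", "7": "t"})

def meets_composition_rules(pw: str) -> bool:
    """Typical rule: 8+ chars with lower, upper, digit and special."""
    return (len(pw) >= 8
            and re.search(r"[a-z]", pw) is not None
            and re.search(r"[A-Z]", pw) is not None
            and re.search(r"[0-9]", pw) is not None
            and re.search(r"[^A-Za-z0-9]", pw) is not None)

def candidate_forms(pw: str) -> set:
    """Forms of pw to compare against the denylist."""
    lowered = pw.lower()
    # Also try the password with a trailing run of digits/symbols removed,
    # which covers the "Password1!" pattern.
    bases = {lowered, re.sub(r"[^a-z]+$", "", lowered)}
    forms = bases | {b.translate(LEET) for b in bases}
    forms.discard("")
    return forms

def is_denylisted(pw: str) -> bool:
    """True if any normalised form of pw is a known common password."""
    return not candidate_forms(pw).isdisjoint(COMMON)

if __name__ == "__main__":
    for pw in ["P@ssw0rd", "Password1!", "123456",
               "correct horse battery staple"]:
        print(f"{pw!r}: composition_ok={meets_composition_rules(pw)} "
              f"denylisted={is_denylisted(pw)}")
```

"P@ssw0rd" passes the composition rule yet is caught by the normalised denylist, while the passphrase fails the composition rule and is not on the denylist.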

[-] ininewcrow@lemmy.ca 16 points 1 week ago

Top 3 are still the same from previous years

  1. 12345
  2. 123456
  3. 12345678

> It’s official: “123456” has once again claimed the controversial title of the world’s most common password — and one of the weakest. That marks six out of seven years this password has topped our chart.

[-] HubertManne@piefed.social 2 points 6 days ago

Oop. Looks like I need to go to nine characters!

[-] lemmie689@lemmy.sdf.org 8 points 1 week ago

How can I get to Sesame Street?

[-] mctoasterson@reddthat.com 3 points 1 week ago

Except among Zoomers, with whom the most common password is 67

[-] Jack@lemmy.ca 3 points 1 week ago* (last edited 1 week ago)

Your top list is for Gen Z's, where #1 is "12345"; combining for everyone, #1 is "123456".

[-] SnotFlickerman@lemmy.blahaj.zone 13 points 1 week ago

12345

That's amazing. I've got the same combination on my luggage!

[-] PerogiBoi@lemmy.ca 9 points 1 week ago

All I see is *****

[-] thingsiplay@beehaw.org 13 points 1 week ago

Looking at the different countries is also funny. The only password I'm not surprised about is admin, because that's probably the default for most devices maybe? Unless the user changes it manually.

But my question is, are these only "hacked" passwords? Because those who are not hacked, you don't know what passwords they have. So this is a bit of bias here, right?

[-] t3rmit3@beehaw.org 7 points 1 week ago

> But my question is, are these only “hacked” passwords? Because those who are not hacked, you don’t know what passwords they have. So this is a bit of bias here, right?

No, that's not how these are obtained. Password dumps are from attackers breaching a site's user database and dumping their credentials, usually by phishing administrators' logins. Attackers aren't brute-forcing passwords anymore except on a one-off, very rare basis. Here's a list of publicly-known password dumps, and you can see details about where they came from: https://haveibeenpwned.com/PwnedWebsites

[-] thingsiplay@beehaw.org 5 points 1 week ago

Ah right, that makes sense. I know that site, but didn't think of it. I know, not the smartest in the town.^^

I also wonder if people do more secure passwords for important services. Or do they treat it the same? My parents always used their birthday as password, so they do not forget it. Which is not much more secure than 1234.

[-] t3rmit3@beehaw.org 3 points 1 week ago

> I also wonder if people do more secure passwords for important services.

In my experience, most people have at most 2-3 passwords, and some do choose a "more secure" one for things like banking and work. Very few people use a password manager.

[-] Creat@discuss.tchncs.de 5 points 1 week ago

Thankfully this isn't allowed for new devices being sold in the EU anymore. They are required to have a per-device individual password now. Hopefully this effectively causes the practice to at least become much less common globally. After all, if you've set up the needed manufacturing steps, there's little sense in skipping them depending on a target region.

[-] smeg@feddit.uk 4 points 1 week ago

You didn't fill in the survey when the password inspector sent you that email? Rude!

[-] DavidDoesLemmy@aussie.zone 11 points 1 week ago

Thankfully my password, hunter2, isn't in there.

[-] Duke_Nukem_1990@feddit.org 5 points 1 week ago

Why would a string of * be in there?

[-] echodot@feddit.uk 8 points 1 week ago

For the longest time the admin password for the router at work was PasswordReset.124, the useless penetration testers didn't even pick up on it.

I've changed it to something actually random and then, following established industry standard security practises, somebody else has gone and written it on a post-it note, and stuck it to the router. So we're all fine now.

I'm extremely tempted to "hack" the network and bring it down only to be the hero that brings it back up after a few hours of non-productivity. But I feel like if they found out that might be a firing offence.

[-] Duke_Nukem_1990@feddit.org 7 points 1 week ago

Especially now that you committed it to this federated website.

[-] pruwybn@discuss.tchncs.de 8 points 1 week ago

Long passwords are more secure which is why I chose PasswordAdminQwertyAbcdefg1234567890987654321

[-] glibg@lemmy.ca 4 points 1 week ago

theworldinyourhand

Really? is that from something?

[-] Sims@lemmy.ml 2 points 1 week ago

..a super prolific autistic account hoarder ?

[-] HappyFrog@lemmy.blahaj.zone 4 points 1 week ago

Damn, doesn't load for me :/

[-] Sims@lemmy.ml 3 points 1 week ago

Good news everyone ! "top 200 most common passwords" isn't in the list, so we can keep using that one !

[-] echodot@feddit.uk 3 points 1 week ago* (last edited 1 week ago)

There was a post on here a while ago about the most popular four digit PIN numbers. I think the top five were

1234
7890
1212
1111
And 1701

We are all so original

[-] blimthepixie@lemmy.dbzer0.com 1 points 5 days ago

No 8008 on the list?!

[-] AAA@feddit.org 3 points 1 week ago

Kinda hard to be original with four digit PINs. Of course there's some worse choices than others, but 9999 possible combinations really limit creativity.

[-] bryndos@fedia.io 3 points 1 week ago

do they account for the circumstances?

most public wifi login pages get: u: abc@def.com p: qwerty

from me.

I assume those types of services get breached all the time and no one cares. I think they just want plausible deniability on acceptable use of the wifi.

[-] SanctimoniousApe@lemmings.world 2 points 1 week ago

> Methodology
>
> The Top 200 Most Common Passwords report is the result of a joint effort between NordPass and NordStellar, prepared in collaboration with independent researchers specializing in cybersecurity incidents. Recent public data breaches and dark web repositories were analyzed from September 2024 to September 2025 to identify statistically aggregated data. No personal data was acquired or purchased for this research.

Okay, so how valid is this really if they're only using those passwords that were hacked?

[-] t3rmit3@beehaw.org 9 points 1 week ago

It's very valid. The password dumps they're analyzing aren't based on attackers brute-forcing, they're based on attackers breaching sites' backends and dumping the user databases. Some of these are sites with millions of records, and when you look at credential-stuffing lists (which are aggregate lists of currently-accessible accounts using previously-breached credential pairs), it adds millions more.

Sort this list by year, and you can see there's tens of millions of leaked passwords in 2025 alone: https://haveibeenpwned.com/PwnedWebsites

[-] SanctimoniousApe@lemmings.world 5 points 1 week ago

That makes sense, thank you.

this post was submitted on 22 Nov 2025
70 points (98.6% liked)
