The most common passwords in 2025 are ‘123456’, ‘admin’, and ‘password’, according to a new study by Comparitech.
For this analysis, Comparitech researchers aggregated more than 2 billion real account passwords leaked on data breach forums in 2025. Using that data, we amassed a list of the most-used passwords.
The top 10 most-used passwords are:
- 123456
- 12345678
- 123456789
- admin
- 1234
- Aa123456
- 12345
- password
- 123
- 1234567890
The table below shows the top 100 most common passwords, along with how many times each appeared in our data set.
Guessing a password is as easy as ABC 123
In a showcase of human laziness, a striking number of passwords are easily-guessed ascending or descending numbers.
- One-quarter of the top 1,000 passwords consisted solely of numbers.
- 38.6% contained the string of numbers ‘123’. Another 2% contained the descending numbers ‘321’.
- In a similar vein, 3.1% contained the string of letters ‘abc’.
- Many common passwords are made up of a single character. ‘111111’ is the 18th most used, and ‘********’ is ranked #35.
Common words and phrases
Those numbers and letters are often combined with equally weak words like ‘password’, ‘admin’, and ‘qwerty’.
- 3.9% of the top 1,000 most-common passwords contained some variation of the words ‘pass’ or ‘password’.
- 2.7% contained a variation of the word ‘admin’.
- 1.6% contained the string ‘qwerty’.
- 1% contained the word ‘welcome’.
The word ‘minecraft’ is the 100th-most common password in our data set, appearing nearly 70,000 times, plus another 20,000 times with the alternative casing ‘Minecraft’. By contrast, ‘123456’ appeared 7.6 million times.
Ranked 53rd, ‘India@123’ stood out as a very common but less generic password.
Passwords by length
Most experts recommend a password length of at least 12 characters. Increasing password length significantly reduces the chances of it being cracked.
-
- 65.8% of the passwords we analyzed had fewer than 12 characters
- 6.9% had fewer than 8 characters
- 3.2% used 16 or more characters’
The ninth-most common password contains just three numbers: ‘123’, while the fifth, ‘1234’, is just four.
Why it matters
Modern password cracking programs make short work of weak passwords. Common passwords are easily guessed. Short passwords are easily brute-forced.
By contrast, a strong password will most likely never be cracked. Strong passwords are at least 12 characters long and contain a combination of lower- and upper-case letters, numbers, and symbols. They should be sufficiently random so as to not contain any easily recognizable patterns. Test the strength of any password, or create a new one, using our handy tool.
The strength of your password is not everything, however. Every password should be unique so that it cannot be used in credential stuffing attacks. When possible, users should enable two-factor authentication to prevent account takeovers even if a password is compromised.
Methodology
Comparitech researchers aggregated more than 2 billion account credentials from data leak forums on Telegram and other channels. In order to obtain the most recent data possible, researchers either correlated the data with breach reports posted by organizations, or directly asked the user posting the data how old it is. We only included data that we are reasonably confident was breached in 2025.
Researchers anonymized the data to remove any personally-identifiable information and sanitized it to remove abnormalities.
We ranked the most-used passwords by how many times each password appeared in the resulting data set.
