“123456”, “admin” and “password” are the passwords users most often choose to protect their accounts on digital services, but because they are so easy to guess they do exactly the opposite: they put account security at risk.
The specialized portal Comparitech has compiled the 100 most used passwords of 2025, a table built from the combined data of more than 2,000 million account credentials leaked through criminal channels, after checking those that were updated up to this year.
In its ranking, “123456” appears as the most frequently used password, found in 7,618,192 of the accounts analyzed. Next in order are “12345678”, found in 3,676,487 accounts, and “123456789”, found in 2,866,100 accounts.
Next comes the password “administrator”, which protects 1,987,808 accounts. “password” (1,082,010), “111111” (326,154), and “admin123” (306,343) are further examples of weak passwords among the 20 most common. In last place, at position number one hundred, is “Minecraft” (69,464).
The ranking shows how widespread weak passwords are; they pose no challenge to cybercriminals, who can easily guess them. One category is passwords made up only of numbers, which account for a quarter of the most common passwords, according to the specialized portal.
Common, easy-to-remember words are also frequent, such as “admin”, “password” and “qwerty”, which follows the arrangement of a row of keyboard keys. In terms of length, the most common passwords are eight characters long (18%), while those with 15 characters account for only 7%.
Recommendations for a secure password
Passwords alone are no longer regarded as an effective security measure, and it is recommended to supplement them with a second factor (a one-time code or mobile consent) so that a stolen password is not enough to access the victim’s account.
As an alternative, the use of access keys or “passkeys” is being promoted, which only require the user to authenticate with their face, fingerprint, or PIN. Passkeys are based on the Fast Identity Online 2 (FIDO2) standard, which secures login using a cryptographic key pair.
The website holds the public key, while the private key stays with the user account where it is stored (a Microsoft or Google account, for example), which means that if the website suffers a security breach, the account will remain secure.
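The key arrangement described above, as an added example that is not part of the original article: a simplified challenge-response login in Node.js showing why a leaked public key does not let anyone sign in. It is not the full FIDO2/WebAuthn protocol, and `siteDb`, the user name and all function names are hypothetical.

```javascript
// Added illustration: simplified passkey-style login, not the full FIDO2/WebAuthn protocol.
const crypto = require('node:crypto');

// What the website stores per account: a public key only (hypothetical in-memory store).
const siteDb = new Map();

// Authenticator side: create the key pair; the private key never leaves this closure.
function createPasskey() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return {
    publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }),
    sign: (challenge) => crypto.sign('sha256', challenge, privateKey),
  };
}

// Website side: registration keeps the public key; each login gets a fresh random challenge.
function register(user, publicKeyPem) { siteDb.set(user, publicKeyPem); }
function newChallenge() { return crypto.randomBytes(32); }

// Website side: accept the login only if the signature matches the stored public key.
function verifyLogin(user, challenge, signature) {
  const pem = siteDb.get(user);
  if (!pem) return false;
  try {
    return crypto.verify('sha256', challenge, crypto.createPublicKey(pem), signature);
  } catch {
    return false; // malformed key or signature
  }
}

// Runs three cases and returns their outcomes.
function demo() {
  const passkey = createPasskey();
  register('alice', passkey.publicKeyPem); // constructed sample account
  const c1 = newChallenge();
  const sig1 = passkey.sign(c1);
  const legitimate = verifyLogin('alice', c1, sig1);
  // Breach: the leaked record is a public key, which can verify but cannot sign.
  const leaked = siteDb.get('alice');
  const other = createPasskey(); // stands in for anyone without the user's private key
  const c2 = newChallenge();
  const afterBreach = verifyLogin('alice', c2, other.sign(c2));
  // A signature captured from an earlier login does not satisfy a new challenge.
  const replayed = verifyLogin('alice', c2, sig1);
  return { legitimate, afterBreach, replayed, leakedIsPublic: leaked.includes('PUBLIC KEY') };
}

console.log(demo());
```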
However, passwords are still very popular, and it is therefore worth remembering that they must be strong in order to perform their function. To achieve this, you should avoid those that are too short or that can be easily guessed, such as those listed in the Comparitech ranking, as well as those that include personal information.
A password should be at least eight characters long, ideally longer, combine upper and lower case letters with numbers and symbols, and be unique for each account. If passwords are difficult to remember, it is better to use a password manager, which stores them and allows you to change them when necessary.