The most used password in the United States in 2025 revealed
NEWNow you can listen to News articles!
Passwords play a very important role in keeping you safe online. They protect your accounts, devices and money. Still, many people choose logins that criminals can guess in seconds.
The latest NordPass report shows this problem again. This year, “admin” ranked first as the most common password in the United States.
NordPass and NordStellar, two cybersecurity companies that track leaked credentials and online threats, reviewed millions of exposed passwords to spot trends. They also examined how password habits differ between generations. The pattern is clear: many of us still rely on simple words, easy strings of numbers, and familiar keyboard patterns. These options give attackers a quick path to countless accounts.
Sign up to receive my FREE CyberGuy report
Get my best tech tips, urgent security alerts, and exclusive offers delivered right to your inbox. Plus, you’ll get instant access to my Ultimate Guide to Surviving Scams, free when you join me CYBERGUY.COM information sheet.
183 MILLION EMAIL PASSWORDS LEAKED: CHECK YOURS NOW
Weak passwords like “admin” give attackers a quick way to get into your accounts before you know it. (Kurt “CyberGuy” Knutsson)
Most common passwords in the United States
NordPass shared its top 20 list for 2025. “Admin” takes the number one spot. Variations of the word “password” occupy five places. The number strings appear nine times. An explicit term is even listed.
Here are the 20 most common passwords in the US this year:
- administration
- password
- 123456
- 12345678
- 123456789
- 12345
- Password
- 12345678910
- Gmail.12345
- Password1
- aa123456
- foot
- 1234567890
- abc123
- Welcome1
- Password1!
- password1
- 1234567
- 111111
- 123123
Weak logins remain a major problem because criminals rely on automated tools. These tools first test simple words and common patterns. When millions of people reuse the same simple passwords, attackers quickly succeed.
HOW TO USE PASSWORDS TO KEEP YOUR COMPUTER SECURE
Reusing the same login across sites makes it easier for criminals to jump from one hacked account to another. (Kurt “CyberGuy” Knutsson)
Global trends show the same risky behavior with passwords
The United States is not alone. Globally, “123456” is the most common password. “Admin” and “12345678” follow closely. These patterns appear because they are easy to remember. Unfortunately, they are also easy to decipher.
The researchers noticed one noteworthy change: more passwords now include special characters. The increase is pronounced. However, most examples are still weak. Strings like P@ssw0rd and Abcd@1234 follow predictable rules that tools can break with little effort.
The word “password” is still popular all over the world. People even use it in local languages. This shows how widespread the problem is.
Why younger generations still choose insecure passwords
Many people assume that younger adults understand digital security. They grew up with phones and social media. Research shows that this assumption is wrong.
NordPass found that an 18-year-old often chooses the same weak password patterns as an 80-year-old. Younger users prefer long number sequences. Older users lean towards names. No groups create secure or random chains. Generations Z and Y tend to avoid names. Generations X and older use them frequently. Each approach carries risks because attackers expect both patterns.
AI-POWERED SCAMS TARGET CHILDREN WHILE PARENTS REMAIN SILENT
The researchers found that weak and predictable passwords still appear again and again in the leaked data. (Kurt “CyberGuy” Knutsson)
Why weak passwords are still a big threat
Weak passwords feed data breaches and account takeovers. Criminals run scripts that verify billions of combinations every second. When your password is common, they enter it quickly.
A single stolen login can expose your email, social accounts, banking information, and more. Many attacks start this way. Once criminals get into one account, they often try the same password on others.
Steps to stay secure with your passwords
You can improve your digital security with a few simple habits. These steps help block common attacks and protect your accounts.
1) Create strong random passwords
Choose long passwords or short passphrases. Aim for at least 20 characters. Mix letters, numbers and special characters. Avoid patterns.
2) Avoid password reuse
Use a unique password for each account. If one login is hacked, the others remain safe.
3) Review and update weak passwords
Check your previous logins. Replace anything that is short, predictable or reused. New passwords reduce risk.
4) Use a password manager
A password manager creates strong passwords and stores them securely. It also completes them for you, so you don’t need to remember them.
Next, check to see if your email has been exposed in previous breaches. Our #1 pick for password manager includes a built-in breach scanner that checks to see if your email address or passwords have appeared in known breaches. If you discover a match, immediately change any reused passwords and protect those accounts with new, unique credentials.
Check out the best expert-reviewed password managers of 2025 at Cyberguy.com.
5) Activate multi-factor authentication (MFA)
MFA adds a second verification before login. It is one of the simplest ways to block attackers.
6) Keep your software updated
Update your phone, computer browsers and apps regularly. These updates fix security holes that criminals try to exploit. When updates are delayed, weak passwords become even more risky because attackers can combine old software flaws with easy logins.
Pro Tip: Use a Data Deletion Service
Leaked passwords often come from old profiles on data broker sites that you forgot. A data removal service can delete your personal information from those sites and reduce the amount of your data that ends up on breach lists. When less information circulates online, your accounts become less tempting targets.
While no service can guarantee complete removal of your data from the Internet, a data deletion service is truly a smart choice. They are not cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically deleting your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to delete your personal data from the Internet. By limiting the information available, you reduce the risk of scammers cross-referencing leak data with information they can find on the dark web, making it harder for them to target you.
Check out my top picks for data removal services and get a free scan to find out if your personal information is already available on the web by visiting Cyberguy.com.
Get a free scan to find out if your personal information is already available on the web: Cyberguy.com.
CLICK HERE TO DOWNLOAD THE News APP
Kurt’s Key Takeaways
Weak passwords will still be a big problem in 2025, even with new tools and better education. You have the power to improve your security with a few quick changes. When you develop strong habits, you make it harder for criminals to access your accounts. Small steps add up quickly and give you much more protection online.
What do you think keeps people stuck with weak passwords even when the risks are clear? Let us know by writing to us at Cyberguy.com.
Sign up to receive my FREE CyberGuy report
Get my best tech tips, urgent security alerts, and exclusive offers delivered right to your inbox. Plus, you’ll get instant access to my Ultimate Guide to Surviving Scams, free when you join me CYBERGUY.COM information sheet.
Copyright 2025 CyberGuy.com. All rights reserved.
Kurt “CyberGuy” Knutsson is an award-winning technology journalist with a deep love for technology, gear and devices that improve lives with his contributions to News and News Business since mornings on “News & Friends.” Do you have any technical questions? Get Kurt’s free CyberGuy newsletter, share your voice, a story idea or comment on CyberGuy.com.