The latest NordPass report on global password trends 2025 shows cultural fingerprints in many countries, yet “123456” still leads worldwide.
The seventh Top 200 Most Common Passwords study, produced with NordStellar and independent incident researchers, examines passwords exposed in public breaches and dark web repositories from September 2024 to September 2025. It covers 44 countries and multiple age groups.
Numbers Rule, but Words Reflect Language and Culture
Globally, “123456” ranks first. “Admin” appears in second place, with “12345678” in third. Numeric strings from “12345” to “1234567890,” along with combinations such as “qwerty123,” dominate many national top 20 lists.
Within global password trends 2025, the word “password” appears in many languages. The report lists examples such as Slovak “heslo,” Finnish “salasana,” French “motdepasse” and Spanish “contraseña.” Users often attach familiar words to simple number runs, creating variants that feel personal but remain weak.
Researchers also note changing slang. In previous years, sports-related terms like “football” and “baseball” featured more often. Now, swear words replace them in some countries, reflecting shifts in online language and attitudes.
Generational Names Show Personal Habits
NordPass examined how different generations embed names in passwords. It found that Generations Z and Y rarely use names, favouring numeric combinations such as “1234567890” and pop-culture references like “skibidi.”
Among older users, names appear more often. In Generation X, “Veronica” stands out. Among Baby Boomers, “Maria” leads. For the Silent Generation, “Susana” is the most common name in passwords.
“The password habits of 18-year-olds are similar to those of 80-year-olds. Number combinations, such as ‘12345’ and ‘123456,’ are in the top spots across all age groups. The biggest difference is that older generations are more likely to use names in their passwords,” says Arbaciauskas.
These patterns show how language, personal ties and culture shape passwords, even while attackers can still guess them.
Slow Shift Toward Stronger Protection
NordPass reports a rise in special characters on its global list. Thirty-two passwords now include them, compared with six last year. Yet many follow predictable forms such as “P@ssw0rd,” “Admin@123” and “Abcd@1234.”
Karolis Arbaciauskas, head of product at NordPass, says the overall trend remains worrying. “Generally speaking, despite all efforts in cybersecurity education and digital awareness over the years, data reveals only minor improvements in password hygiene. The world is slowly moving towards passkeys – a new passwordless authentication method based on biometric data – but in the interim, until passkeys become ubiquitous, strong passwords are very important. Especially since around 80% of data breaches are caused by compromised, weak, and reused passwords, and criminals will intensify their attacks as much as they can until they reach an obstacle they can’t overcome,” says Arbaciauskas.
NordPass advises long, random passwords or passphrases, no reuse across accounts, regular password health checks, password managers and multi-factor authentication.
The company hopes better tools and education can shift global password trends 2025 away from predictable words, names and number strings.
