The top 10 most common passwords of 2025:
- 123456
- 123456789
- qwerty
- password
- 12345
- qwerty123
- 1q2w3e
- 12345678
- 111111
- 1234567890
This shows people are still being reckless and not properly securing their online identities.
But what makes a password strong?
The US National Institute of Standards and Technology offers the following advice. Make sure your passwords are:
- Long enough – a minimum of 15 characters under the latest NIST guidelines, with 64 characters as a reasonable maximum password length.
- Random, with a mix of upper- and lower-case letters, numbers, and symbols; not a word found in a dictionary; and not containing any part of your name or the name of the service they unlock.
- Not easy to guess.
Experts at NIST say that recent analyses of breached password databases show that having a longer password is far more important than trying to make it complex, according to an article published by ZDNET.
Passphrases made up of three or more unrelated words separated by symbols and numbers can be effective as well.
The average person may have several passwords. To help, you can use a password manager to create long, unique, tough-to-crack passwords, saved in a secure manner.
It’s a natural human instinct to have a favorite set of credentials (username and password) that you reuse on multiple sites. While this can make your online life seem easier, it means that a data breach at one site will give attackers access to that set of credentials, which they will in turn try on other sites that weren’t affected by the breach.
A good password manager should flag reused passwords and offer to create strong, unique replacements.
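The length, common-password, and name checks from the NIST advice above, together with the reuse flagging a password manager performs, can be sketched as follows. This is an added example, not code from NIST or any password manager; the function names, the three-character threshold for name fragments, and the sample vault are assumptions made for illustration.

```python
import hashlib
from collections import defaultdict

# The ten most common passwords listed at the top of this page.
COMMON = {"123456", "123456789", "qwerty", "password", "12345",
          "qwerty123", "1q2w3e", "12345678", "111111", "1234567890"}
MIN_LEN, MAX_LEN = 15, 64  # minimum and "reasonable maximum" quoted on this page


def check_password(password, user_name="", service=""):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    if len(password) < MIN_LEN:
        problems.append("too short")
    if len(password) > MAX_LEN:
        problems.append("too long")
    lowered = password.lower()
    if lowered in COMMON:
        problems.append("common password")
    # Flag any part of the user's name or the service name (assumed: 3+ chars).
    for word in user_name.lower().split() + service.lower().split():
        if len(word) >= 3 and word in lowered:
            problems.append(f"contains '{word}'")
    return problems


def find_reused(vault):
    """Group the sites in a {site: password} mapping that share one password."""
    by_digest = defaultdict(list)
    for site, password in vault.items():
        # In-memory grouping key only; this is not a storage format.
        digest = hashlib.sha256(password.encode()).hexdigest()
        by_digest[digest].append(site)
    return sorted(sorted(s) for s in by_digest.values() if len(s) > 1)


# Constructed sample data, not real credentials.
SAMPLE_VAULT = {
    "shop.example": "qwerty123",
    "mail.example": "qwerty123",
    "bank.example": "copper7!lantern4#walrus",
}

if __name__ == "__main__":
    for site, pw in SAMPLE_VAULT.items():
        print(site, check_password(pw, "Alex Doe", site.split(".")[0]) or "ok")
    print("reused on:", find_reused(SAMPLE_VAULT))
```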