NordPass, the password management tool developed by the team behind NordVPN, has unveiled its list of the 200 most common passwords for 2025—and it seems many people are still relying on notoriously weak options.
This year, the most commonly used password worldwide was the notorious “password,” which hackers could crack in under a second. Similarly, the second and third most-used passwords, “123456” and “123456789,” were just as vulnerable, taking hackers a second to crack. These predictable combinations continue to highlight the need for stronger password practices.
NordPass created its list with the assistance of independent cybersecurity researchers who analyzed a three-terabyte database to gather their insights. The list includes some fascinating (and cautionary) details. For instance, almost 5 million people worldwide use “password” as their password. Of the 20 most common passwords, 18 were guessed in less than one second.
The key takeaway? If your password appears on the list, it’s time to change it.
To protect yourself from being hacked, here are the 20 most common passwords of the year according to NordPass — and what to do if yours is one of them:
- password
- 123456
- 123456789
- guest
- qwerty
- 12345678
- 111111
- 12345
- col123456
- 123123
- 1234567
- 1234
- 1234567890
- 000000
- 555555
- 666666
- 123321
- 654321
- 7777777
- 123
According to Bitwarden’s 2025 Password Management Survey, 31% of U.S. Respondents reported experiencing a data breach in the past 18 months. To reduce the risk of becoming part of this statistic, NordPass suggests creating strong passwords that are at least 12 characters long and include a mix of uppercase and lowercase letters, numbers, and symbols. Using a password generator is a great way to craft these complex passwords.
Additionally, avoid reusing the same password across multiple accounts, even though it might seem convenient. The Bitwarden survey revealed that over 80% of Americans reuse passwords across different websites, with nearly half (49%) relying solely on memory to manage passwords.
Consider using a password manager like LastPass, 1Password, NordPass, or Bitwarden for better password security. These tools can securely store, organize, and access your passwords, eliminating the need to rely on memory and ensuring better account protection.
Additionally, NordPass recommends regularly reviewing the accounts you actively use. Unused accounts pose an online security risk, as a breach could go unnoticed.
Finally, it’s important to periodically check the strength of your existing passwords and update them with more complex and secure ones. Even if you’re not using “password” as your password, improving your cybersecurity practices could be beneficial.
Want to earn more and work less? Register for the free CNBC Make It: Your Money virtual event on December 13 at noon ET to learn how to increase your earning potential from money experts like Kevin O’Leary.