America’s most used password in 2025 takes seconds to crack

Millions of Americans are using the same weak passwords — and cybercriminals are cashing in

Weak passwords make hacking easy. Check if your login is on the top 2025 list. | ©Image Credit: Towfiqu barbhuiya/Unsplash
Weak passwords make hacking easy. Check if your login is on the top 2025 list. | ©Image Credit:

Passwords are meant to safeguard our most personal data, but what if the very thing keeping us safe is the easiest way in for hackers? According to a 2025 report, the most commonly used passwords in the U.S. this year remain simple and all too familiar. In a digital age where a single cracked login can unlock email, social accounts, finances, and more, millions of Americans are playing right into the hands of cybercriminals. The question is: are you one of them? Keep reading — because the risks might scare you into changing your password today.

Table of Contents show

The most common passwords in the United States for 2025

A new analysis from cybersecurity firms NordPass and NordStellar—both known for monitoring leaked credentials and tracking online threats—reveals just how careless many Americans remain with their digital security. After reviewing millions of compromised passwords and studying how different age groups approach password creation, researchers uncovered a persistent pattern: people are still choosing simple words, predictable number sequences, and familiar keyboard combinations that give hackers near-instant access to their accounts.

Leading the list this year is a repeat offender: “admin”, now officially the most widely used password in the United States. Close behind are multiple variations of “password,” which occupy five spots, along with nine entries made up entirely of number strings. One explicit term even managed to break into the rankings, underscoring how frequently users opt for convenience over security.

Below are the 20 most common passwords in the U.S. for 2025:

  • admin
  • password
  • 123456
  • 12345678
  • 123456789
  • 12345
  • Password
  • 12345678910
  • 12345
  • Password1
  • Aa123456
  • f*******t
  • 1234567890
  • abc123
  • Welcome1
  • Password1!
  • password1
  • 1234567
  • 111111
  • 123123

Weak passwords are a global problem

The problem isn’t limited to the United States. Weak passwords are a global issue. Around the world, “123456” holds the title as the most commonly used password, with “admin” and “12345678” following close behind. Their popularity stems from convenience: they’re easy to memorize, but unfortunately just as easy for attackers to crack.

Researchers did identify one notable shift: a growing number of passwords now include special characters, and the rise is significant. Yet despite this improvement, many of these passwords still offer little real protection. Combinations like “P@ssw0rd” and “Abcd@1234” may look stronger, but their predictable patterns make them effortless for modern cracking tools to defeat.

Even younger generations make risky password choices

It’s a common assumption that younger adults are naturally savvy about digital security, having grown up with smartphones, social media, and constant online access. Research, however, paints a different picture.

According to NordPass, an 18-year-old often chooses the same weak password patterns as someone twice their age—or even older. While younger users tend to favor long number sequences, older generations lean more heavily on names. Neither approach produces truly secure, random passwords. Interestingly, Generations Z and Y generally avoid using names, whereas Generation X and older rely on them frequently. Regardless of the method, both strategies leave accounts vulnerable, as cybercriminals are well aware of these predictable habits.

Why weak passwords pose a serious threat

Weak passwords remain a major security risk, largely because cybercriminals use automated tools designed to exploit predictable patterns. These programs start by testing simple words and common combinations, giving them instant access when millions of people reuse the same easy-to-guess passwords.

Such weak logins are a primary driver of data breaches and account takeovers. Hackers run scripts capable of checking billions of password combinations per second, meaning a common password can be cracked in moments. A single compromised login can expose emails, social media accounts, bank information, and more, with many attacks beginning this way. Once inside one account, criminals often attempt the same credentials on multiple platforms, rapidly expanding the scope of their attack.

Tips to bulletproof your passwords

Protecting your accounts doesn’t have to be complicated. Follow these key habits to stay safer online:

  1. Create strong, random passwords: Use long passwords or passphrases (20+ characters) with letters, numbers, and symbols. Avoid predictable patterns.
  2. Never reuse passwords: Each account should have a unique login so a single breach doesn’t compromise everything.
  3. Update weak passwords: Replace old or simple passwords with fresh, strong ones to reduce risk.
  4. Use a password manager: Securely generates, stores, and autofills passwords, plus many include breach scanners for exposed accounts.
  5. Enable multi-factor authentication: Adds an extra layer of protection even if your password is stolen.
  6. Keep software updated: Regular updates patch vulnerabilities that hackers exploit alongside weak passwords.
  7. Consider a data removal service: These services erase your personal info from forgotten profiles and data broker sites, limiting exposure to breaches and scams.

Source: Fox News