We have the most commonly used passwords, and they're easy pickings for hackers
These Are the Most Common Passwords for Every Generation. Did Yours Make the List?
As long as we have had access to the internet, we’ve had to deal with passwords. And as more and more parts of our lives become dependent on the web, the sheer number of passwords we have to manage can be overwhelming. It’s easy to see why so many people get a little careless, reusing the same password for multiple accounts or using overly simple, easy-to-remember passwords.
But this poses a major security problem: A password that’s easy to remember is a password that’s easy to guess. This creates an exploitable attack surface for cybercriminals to steal your credentials, money and even your identity. Large institutions aren’t immune to this, either: The infamous Louvre heist that happened earlier this year was largely possible due to poor security practices, including the museum using Louvre as the password for its Wi-Fi network.
How secure (and un-guessable) are your passwords? This year, virtual private network (VPN) company NordPass analyzed a mountain of user credentials collected from data leaks and the dark web to report on the most popular passwords by generation. If you’ve been lazy about your own digital security practices, your password might just be on the list. Keep reading to learn the most common online passwords and get tech tips for making your own accounts more secure.
Why do strong passwords matter?
Easy-to-remember passwords are convenient, but their potential downsides can be devastating. A weak and predictable password is easy to crack. Hackers may use software that guesses the most common passwords, and other freely available tools on the dark web (a hidden part of the internet notorious for criminal activity) may comb through your social media profiles to look for important names and dates that are likely to appear in your password.
Even if your password is long and strong, reusing the same one is a bad idea. If a company experiences a data breach—which happens more often than you may realize—cybercriminals won’t just have access to one of your accounts; they’ll be able to access many.
“If a password is frequently reused or easy to guess, bad actors can more easily gain access to email, banking and social media accounts, resulting in identity theft and financial loss,” says Gary Orenstein of Bitwarden, a popular password manager.
Thankfully, it’s not too late to improve your online security. Keep reading to find out the most common passwords and learn the best ways to manage your passwords going forward.
How did NordPass discover the most common passwords?

NordPass collected this information in conjunction with its security platform, NordStellar, as well as independent cybersecurity researchers. The passwords were gleaned from recent online data breaches and dark web sources and analyzed from September 2024 to September 2025.
Researchers sorted the passwords by country (the collected data included passwords from users in 44 countries), then further sorted the data according to generation, using metadata like date of birth when available. Finally, the data set was narrowed down to the top 200 most popular passwords, sorted by country and age cohort.
What are the 10 most common passwords in the U.S.?
The first one is admin, and they don’t improve from there. Here are the most common passwords for internet users in the United States:
- admin
- password
- 123456
- 12345678
- 123456789
- 12345
- Password
- 12345678910
- Gmail.12345
- Password1
Some of the most commonly used passwords, such as admin, password and numerical sequences, are obvious. You can pick out a few complexity variants, including capital letters, a number at the end of a word and even the name of the users’ email service, but overall, these aren’t great.
How did the younger generations fare?
Not much better. You might assume that the tech-savvy younger generations would also be more security-conscious. However, NordPass says this isn’t the case. Younger people, often called digital natives, can be as careless as anyone when it comes to choosing simple, easily hackable passwords. Keep reading to find out how the data breaks down across generations.
What are the 10 most common passwords for Gen Z?
Gen Z is just as likely as older generations to use weak, insecure passwords. Aside from notable outliers like the distinctly Gen Z-flavored skibidi, the most common passwords for this generation look a lot like those of other generations: highly hackable. Six of the 10 most common Gen Z passwords are simple numerical sequences, making this the second most likely generation to use number strings. (This gen does get a nod for the cheeky No. 10.)
- 12345
- 123456
- 12345678
- 123456789
- password
- 1234567890
- skibidi
- 1234567
- pakistan123
- assword
What are the 10 most common passwords for millennials?
Millennials, another tech-savvy generation, didn’t fare much better with their password choices. Simple number and letter sequences account for seven of the 10 most popular millennial passwords. Notably, this is the last time password made the top 10 list, and we also see a few personal names being used (a trend that becomes more common among older users).
- 123456
- 1234qwer
- 123456789
- 12345678
- 12345
- 1234567890
- password
- 1234567
- Contraseña
- mustufaj
What are the 10 most common passwords for Gen X?
Gen X, which NordPass classifies as people born between 1965 and 1980, shows some similarities with younger generations but also some variance. While numerical sequences account for five of the top 10 most common Gen X passwords, the other five consist of words or names.
- 123456
- 123456789
- 12345
- veronica
- lorena
- 12345678
- 1234567
- valentina
- teckiss
- follar
What are the 10 most common passwords for boomers?
Baby boomers (those born between 1946 and 1964, according to NordPass) show some interesting variance in their choice of passwords. Among the top 10 most popular passwords, the first three are numbered sequences. However, the remaining seven are all names, forming a rather distinct theme with this generation. Admittedly, while these are better than password or 12345, simple names are not secure passwords and are easily cracked by hackers.
- 123456
- 123456789
- 12345
- maria
- Contraseña
- susana
- silvia
- graciela
- monica
- claudia
How do hackers get your passwords?
If yours are among the most common passwords, hackers are in luck. It’s easy for them to access password lists by searching databases of compromised accounts. It doesn’t take long for a password dump to end up on the dark web after a cyberattack. From there, stolen passwords are quickly circulated.
Once they have this list of passwords, how do hackers know which, if any, will grant them access to your accounts? They have a full arsenal of tricks for figuring out your password, from keylogging (recording your keystrokes without your permission) to phishing (fooling you into giving up your password) and beyond.
“A robust and secure password, on the other hand, protects your computer from viruses, malware and ransomware attacks, in addition to helping you avoid identity theft and protecting against an account takeover,” says Iskander Sanchez-Rola, director of privacy innovation at Gen, the cybersecurity network behind brands such as Norton and LifeLock.
How do you know if a hacker has your password?
When hackers get your password, they won’t tell you about it. But certain products you use may give you a heads-up. If you use antimalware software (like Norton or McAfee) or a password manager, it will alert you to any passwords it has cross-referenced with those leaked onto the dark web and will advise you to change them immediately. Your web browser or smartphone operating system may do the same.
There are also trusted websites like HaveIBeenPwned.com, an online repository of email addresses and passwords that have been collected from publicly disclosed data breaches. If you enter your email address, the site will tell you if that email address has appeared in data breaches and, if so, from which sites.
But don’t ever share your password on any site that asks for it.
What are some tips for creating strong passwords?
Even as websites require users to feature capital letters or a mix of numbers and letters in their passwords, many people still skirt around these precautions. Don’t assume that these complexity requirements make your password more secure. Brute-force attacks can roll through hundreds or even thousands of commonly used passwords in minutes, so an extra number or a capital letter is no obstacle to determined hackers.
So how do you actually set up a good password? Here are a few tips:
- Make it at least 15 characters long. Easily hackable passwords aren’t just simple; they also tend to be short. Think of some of the above passwords, such as 123456, admin or even password. Almost all of them are fewer than 10 characters long. “The longer the password is, the better,” says Gediminas Brencius, head of product at NordPass. “Experts at NordPass advise no fewer than 20 characters, plus people should also avoid dictionary words, popular slang or other words that could potentially be used by many.”
- Add some complexity. Don’t use a simple word or numerical sequence, even a long one. Use a mix of capital and lowercase letters and special characters if the website or app allows it (most do nowadays, and some even require it). Using a memorable phrase with some complex characters sprinkled in adds both length and complexity.
- Don’t include information that can be guessed or found online. This includes personal names and birthdates—the type of information that a hacker may already know (or that may be available elsewhere online) if they’re specifically targeting you.
- Use a different password for each account. This is a hard one, but it’s important to use different passwords for all of your online accounts (or at least your most important ones). A good free password manager easily keeps track of login credentials across accounts and devices. Many web and mobile browsers today include built-in password managers.
- Use a password generator. Having trouble coming up with unique, secure passwords for all of your accounts? Let a password generator do it for you. You can easily search for these online, although this feature is also built into password managers and some browsers.
- Use multifactor authentication. Add a second layer of security to your accounts by enabling multifactor authentication. With it, you’ll be prompted to enter a one-time code that’s sent to your device (via an app, text message or email) to prove it’s you.
- Set up a passkey. An increasingly popular alternative to a password is a passkey. Major tech companies, including Microsoft, Amazon, Apple and Google, have already adopted the technology. To access a website or app, a passkey relies on a string of encrypted data stored in your phone or laptop and verification from you via a face or fingerprint scan or a PIN code.
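Here is how a sign-up form could enforce the first three tips and catch the "extra number or capital letter" variants described above. This is an added example, not code from NordPass or the original article; the function names, the character-swap table and the sample passwords are assumptions made for illustration, and undoing common character swaps goes slightly beyond what the article lists.

```python
import re

MIN_LENGTH = 15  # the article's minimum; NordPass's experts advise 20

# Every password from the top-10 lists on this page, as printed.
PAGE_LIST = """admin password 123456 12345678 123456789 12345 Password
12345678910 Gmail.12345 Password1 1234567890 skibidi 1234567 pakistan123
assword 1234qwer Contraseña mustufaj veronica lorena valentina teckiss
follar maria susana silvia graciela monica claudia""".split()

# Assumed table of common character swaps (not from the article).
SWAPS = str.maketrans("@013$", "aoies")

def base_word(pw):
    """Reduce a password to its core word: 'Password1!' -> 'password'."""
    # Lower-case, then strip digits and punctuation from both ends.
    stripped = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", pw.casefold())
    # Undo swaps left inside the word, e.g. 'p@ssw0rd' -> 'password'.
    return stripped.translate(SWAPS)

# Core words of the listed passwords; pure number strings reduce to "".
BLOCKED_BASES = {base_word(p) for p in PAGE_LIST} - {""}

def check_password(pw, personal=()):
    """Return the reasons a password is weak; an empty list means it passed."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("shorter than 15 characters")
    base = base_word(pw)
    if not base:
        # Nothing left after stripping: a number string, however long.
        problems.append("only digits or symbols")
    elif base in BLOCKED_BASES:
        problems.append("variant of a common password")
    lowered = pw.casefold()
    # 'personal' holds names, birth years, etc. known about the user.
    if any(p.casefold() in lowered for p in personal if p):
        problems.append("contains personal information")
    return problems

if __name__ == "__main__":
    # Constructed sample passwords.
    for sample in ["Password1", "P@ssw0rd!2025", "12345678901234567890",
                   "plum-Tractor-orbit-Saddle-92"]:
        print(sample, "->", check_password(sample) or "passed")
```
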
Online security is as critical as it’s ever been, and with more and more of our daily lives revolving around the internet, that’s not likely to change any time soon. Cybercriminals are always looking for new and more advanced ways to access your data and steal your stuff. It’s essential to practice good security hygiene with your online accounts, and that starts with choosing a strong password that can stop a brute-force attack in its tracks.
Additional reporting by Marc Saltzman.
Why trust us
Reader’s Digest has published hundreds of articles on personal technology, arming readers with the knowledge to protect themselves against cybersecurity threats and internet scams as well as revealing the best tips, tricks and shortcuts for computers, cellphones, apps, texting, social media and more. For this piece, Lucas Coll tapped his experience as a tech reporter to ensure that all information is accurate and offers the best possible advice to readers. We rely on credentialed experts with personal experience and know-how as well as primary sources including tech companies, professional organizations and academic institutions. We verify all facts and data and revisit them over time to ensure they remain accurate and up to date.


