Introduction: You’re Probably Still Using ‘123456’—And Hackers Thank You for That

Here’s the uncomfortable truth: your password might suck. And not just in a “you can do better” way — we mean in a “hackers could crack it before you finish this sentence” kind of way.

According to a 2025 report by NordPass, based on a massive 2.5TB dataset of real-world breaches, the most commonly used passwords globally are as obvious as they are ridiculous.

Topping the list? The infamous “123456”, used by over 3 million people. Yes, you read that right —three million people decided that a kindergarten counting sequence was good enough to protect their emails, bank apps, or Instagram accounts.

The sad part? That single password can be cracked in under one second.

Let that sink in. And now, let’s dig into the full list — and the global epidemic of lazy passwords that just won’t die.

The Dumbest Smart Era: Why Are We Still Doing This in 2025?

You’d think that with AI booming, cybercrime rising, and tech literacy supposedly improving, we’d all be a little more cautious. But the data says otherwise.

Despite endless reminders to “create strong, unique passwords,” the human race keeps choosing passwords like “password” (ranked #4) or the romantic but equally unsafe “iloveyou” (ranked #17).

Why? A few reasons. We’re forgetful. People don’t want to remember different complex passwords for every app. We’re also busy. Who has time to invent a phrase with uppercase, lowercase, numbers, symbols, and the tears of a unicorn?

But ultimately, we’re lazy. Let’s admit it — sometimes we just want to get past the login screen and watch our K-drama in peace.

But this laziness comes at a cost.

The Top Passwords of 2025 (According to NordPass)

Photo Credit: Visual Capitalist

NordPass compiled its list using a database of cybersecurity breaches pulled from public leaks, meaning these passwords were used by real people whose data got exposed. Topping the chart were gems like:

123456, 123456789, password, 111111, qwerty123, abc123, and the timeless classic, iloveyou.

Nearly all of these can be cracked in less than a second. And let’s be real — who still thinks “dragon” is a clever password?

A Global Problem in a Digital Age

This isn’t just a quirky list to laugh at — it reflects a serious cybersecurity issue. In 2024 alone, cyberattacks cost the global economy an estimated $12 trillion, with stolen credentials being a top method of attack.

Hackers don’t even need to guess anymore. They use pre-built “dictionary lists” filled with the most common passwords and automate login attempts using bots. If your password is on the list above, chances are your account has already been tested.

It’s like leaving your house key under the mat and then posting a photo of it on Twitter.

Africa Is Not Immune

While most password breach data tends to focus on North America, Europe, and parts of Asia, African internet users are increasingly at risk. As smartphone penetration and online banking continue to rise, so does the threat of cyber fraud, phishing scams, and data theft.

In Nigeria, cybercrime incidents surged by about 47% in the first quarter of 2025 compared to the previous year, highlighting a rapidly growing threat landscape. A significant portion of these attacks, over 70%,involve the exploitation of weak or compromised login credentials.

Many small business owners still use easily guessable passwords like “admin123” or “12345678,” making them highly vulnerable to cyberattacks.

This trend underscores the urgent need for improved cybersecurity awareness and stronger password practices among individuals and businesses across Nigeria.

Photo Credit: Image FX

Why Simplicity Hurts You More Than It Helps

Let’s break it down.

Easy passwords equal fast entry for hackers. Reusing passwords means one breach becomes multiple breaches. Weak passwords lead to identity theft, financial loss, and reputational damage.

And don’t be fooled by small changes. Swapping “password” for “Password” or “P@ssword1” may feel clever, but modern cracking tools can handle those tweaks in microseconds.

Cybersecurity experts now say complexity isn’t enough — what matters is unpredictability and uniqueness.

How to Actually Create a Strong Password in 2025

Yes, you’ve heard this a thousand times. But let’s put it in plain, 2025-style terms. A good password should be at least 12–16 characters long, random (no birthdays, names, or common words), and a mix of upper/lowercase, numbers, and symbols.

Here’s a helpful trick: use passphrases.

Instead of “123456”, try something like:

• PurpleMangoesDance97!
  Or:

• FufuEats@Midnight4Kings

These are weird, hard to guess, and surprisingly easy to remember if they’re based on personal — but-non-obvious associations.

Should You Be Using a Password Manager? Yes. Yesterday.

The truth is, humans weren’t built to remember 50 strong, unique passwords. That’s why password managers exist.

Tools like NordPass, 1Password, and Bitwarden generate and store tough passwords for you. With one master password (a good one, please), you can access all your logins securely.

And no, writing passwords in your phone's Notes app or a Post-it under your keyboard does not count.

What If You Recognize Your Password on That List?

Don’t panic. But also, don’t delay.

Change your password immediately. Enable two-factor authentication (2FA) wherever possible. Audit your other accounts and change any duplicate or similar passwords.

Because even if you’re not a billionaire or a celebrity, your data still has value — and so does your peace of mind.

Pop Culture, Psychology, and Passwords

Want to know something fascinating? The passwords we choose say a lot about us.

“iloveyou” spikes around Valentine’s Day. “Dragon” was popular during Game of Thrones’ heyday. “monkey” has baffled cybersecurity researchers for over a decade.

In some countries, soccer clubs, K-pop idols, or Bible verses top the list, just not global enough to crack the top 25.

It’s human nature to personalize. Unfortunately, that’s also what makes us predictable.

Photo Credit: Image Fx

Your Password Is Your Digital House Key

Think of your password like the key to your life. Would you leave your front door unlocked with a neon sign that says “123456”? Of course not. Yet online, millions of people do this every day — sometimes with their bank accounts, health records, or entire business operations.

The good news? It’s never too late to start being smarter.

Start with one account. Fix it. Then fix the next. By next week, you could be 99% more secure than you were five minutes ago.

Because at the end of the day, your security is your responsibility — and your password is the frontline defense.