By Gintautas Degutis
NordPass has released the seventh edition of its annual Top 200 Most Common Passwords research. In addition to identifying the most popular passwords globally and in 44 countries, this year’s study focused on understanding how passwords used by different generations vary.
Below are the key takeaways:
In South Africa, “admin” is the number one password, while “123456” takes second place.
Password quality is equally poor across all generational groups. Far from discerning differences, researchers found a striking uniformity in vulnerability. For every age bracket, “12345” and “123456” consistently emerge as the top choices.
However, older generations are more likely to use names in their passwords. Generations Z and Y use almost no names in their passwords, relying rather on combinations like “1234567890” and “skibidi.”
Numbers top both the global and generational lists. Simple numeric sequences spanning from “12345” to “1234567890,” along with common weak passwords like “qwerty123,” also dominate the top 20 lists in various countries, including South Africa.
Compared to last year, researchers observed a significant increase in the use of special characters in passwords. This year, 32 passwords on the main list include special characters, a notable rise from just six last year. Unfortunately, most of them are no more complicated than “P@ssw0rd,” “Admin@123,” or “Abcd@1234.”
More than half of the exposed world’s most common passwords we discovered are still made of the easiest keyboard combinations of numbers and letters, such as “qwerty,” “1q2w3e4r5t,” and “123456789.”
Most common passwords in South Africa
Below are the top 20 most common passwords in South Africa. The full list of global passwords and those from other countries covered by this research is available here.
admin
123456
password
Kenzo007
12345678
12345
Password1
P@ssw0rd
sindy1
Jassie21
Scorpion1234
macebo123
Password
saskia
123456789
jagadira
Dzunisani1
Fifteen15!
Password@1
Knowledge1
Although cybersecurity experts keep repeating that simple passwords are extremely easy to guess using a dictionary and brute-force attacks, South Africans seem to ignore the warnings. Words, number combinations, and common keyboard patterns dominate South Africa’s top 20 list.
However, different variations of the word “password” take up as many as five spots in South Africa’s top 20 most common passwords list. Different numeric combinations take up four spots.
Global trends
Globally, “123456” is the most common password, followed by “admin” in second place, and “12345678” in third — another simple numeric sequence. Such weak patterns, ranging from “12345” to “1234567890,” along with common weak passwords like “qwerty123,” dominate top 20 lists across many countries.
“Generally speaking, despite all efforts in cybersecurity education and digital awareness over the years, data reveals only minor improvements in password hygiene. The world is slowly moving towards passkeys — a new passwordless authentication method based on biometric data — but in the interim, until passkeys become ubiquitous, strong passwords are very important. Especially since around 80% of data breaches are caused by compromised, weak, and reused passwords, and criminals will intensify their attacks as much as they can until they reach an obstacle they can’t overcome,” says Karolis Arbaciauskas, head of product at NordPass.
The myth of the “digital native”
Research shows that for Digital Natives — those who grew up immersed in the online world — extensive exposure to technology doesn’t automatically translate into a strong understanding of fundamental password security practices or the severe risks associated with poor choices.
“The password habits of 18-year-olds are similar to those of 80-year-olds. Number combinations, such as ‘12345’ and ‘123456,’ are in the top spots across all age groups. The biggest difference is that older generations are more likely to use names in their passwords,” says Arbaciauskas.
Research reveals that Generations Z and Y rarely use names in their passwords, preferring combinations like “1234567890” and “skibidi” instead. The use of names in passwords becomes more prevalent starting with Generation X, peaking among Baby Boomers.
Among Generation X, the most popular name used as a password is “Veronica.” For Baby Boomers, it’s “Maria,” and for the Silent Generation, it’s “Susana.”
The full list is available here.
Password safety tips
According to Arbaciauskas, a few basic rules can greatly improve digital hygiene and help avoid falling victim to cyberattacks due to irresponsible password management:
Create strong random passwords or passphrases. Passwords should be at least 20 characters long and consist of a random combination of numbers, letters, and special characters.
Never reuse passwords. The rule of thumb is that each account should have a unique password because if one account gets broken into, hackers can use the same credentials for other accounts.
Review your passwords. Make sure to regularly check the health of your passwords. Identify any weak, old, or reused ones and upgrade them to new, complex passwords for a safer online experience.
Use a password manager. It can help you generate, store, review, and safely manage all your passwords, ensuring they’re well protected, difficult to crack, and easily available when you need them.
Turn on multi-factor authentication (MFA). It adds an extra layer of security. MFA helps keep hackers out even if a password gets breached.
Research methodology
This report is the result of a joint effort between NordPass and NordStellar together with independent researchers specialising in research of cybersecurity incidents. Recent public data breaches and dark web repositories were analysed for passwords exposed from September 2024 to September 2025, with statistically aggregated data extracted. No personal data was acquired or purchased for this research.
- This story was supplied by NordPass, a password manager developed by NordVPN that securely stores and manages online login credentials, credit card details, and other sensitive information
