Tag Archives: password trends

2026, NordVPN, Passwords

Why ‘123456’ Is Still Ruining Business Security

Leave a comment

There are some things you expect to see in 2026. AI everywhere. Electric cars quietly taking over. Smart homes that know when you have run out of milk.

What you do not expect is that one of the biggest threats to company security is still someone typing 123456 into a login box.

Yet here we are.

A recent piece of research from NordPass lays it all bare. After analysing huge volumes of passwords exposed in real world data breaches, the conclusion is both fascinating and slightly terrifying. Business passwords are often no better than the ones we were being warned about twenty years ago.

The same bad habits, everywhere

Across sectors like healthcare, manufacturing, tech and finance, the patterns repeat themselves. Simple number sequences dominate. Obvious choices like 123456, 123456789 and password keep cropping up. In some cases people are even using their own email address as the password.

That last one is particularly grim. If your username is already public, you have effectively handed an attacker half the keys to the building.

What struck me most was how universal this problem is. This is not a single careless industry or a few unlucky firms. It is a human behaviour issue. Convenience beats caution every time unless systems are designed to protect us from ourselves.

Why attackers love this

From an attacker’s point of view, weak passwords are a gift. Automated tools can try millions of common combinations in seconds. If employees reuse passwords across systems, one breach can quietly unlock several more doors.

This is often how serious incidents begin. Not with Hollywood style hacking, but with someone guessing a password that should never have existed in the first place.

The uncomfortable truth for businesses

Here is the bit that matters. This is not really a technical problem. The tools to fix it have existed for years.

Strong password policies. Password managers. Multi factor authentication. Alerts for leaked credentials. None of this is exotic or expensive anymore.

What is missing is consistency and enforcement. Many organisations still rely on guidance rather than rules, or assume that staff will naturally do the right thing. History shows they will not, especially when speed and convenience are rewarded.

What actually works

From everything I have seen over the years, both professionally and personally, a few things make the biggest difference.

First, remove the burden from users. A good password manager means nobody has to remember anything clever.

Second, enforce unique passwords everywhere. No exceptions.

Third, enable multi factor authentication wherever possible, especially for email and admin accounts.

Finally, treat leaked passwords as inevitable, not hypothetical. Monitor for them and act quickly.

Still relevant, still risky

It is easy to laugh at 123456. It feels like a joke from the early days of the internet. But when that same password is still opening real company systems today, it stops being funny very quickly.

The NordPass research is a useful reminder that cybersecurity does not always fail at the cutting edge. More often, it fails at the front door.

And the front door is still wide open far too often.

2025, Hacking, Security

Cybernews Cracks the Password Puzzle: What 19 Billion Passwords Reveal About Us

Leave a comment

We’ve all been there — that moment when the password box blinks impatiently, waiting for your brain to produce something secure and memorable. But what if I told you that billions of us are still relying on “123456” or “password” to guard our digital front doors?

Researchers at Cybernews have just released a fascinating and somewhat alarming analysis of 19,030,305,929 leaked passwords, and the findings tell a revealing story about human behaviour, pop culture obsessions, and our often lacklustre approach to security.

Only 6% of Passwords Are Unique – Let That Sink In

Out of 19 billion passwords, only 1.1 billion were unique. That means 94% of people are using the same passwords as someone else — and in the world of hacking, that’s music to a cybercriminal’s ears.

The most common passwords? You’ve guessed them:

  • “password” – used 56 million times

  • “admin” – 53 million times

  • “123456” – 338 million times

  • “1234” – found in nearly 4% of all passwords (that’s 727 million accounts!)

It’s 2025 and we’re still living in a world where “qwerty” and “abc123” are considered acceptable safeguards.

What We Love Shows Up in Our Passwords

The team at Cybernews created themed wordlists to understand what people use in their passwords. The results are both amusing and a little worrying.

Pop Culture Reigns Supreme

Characters like:

  • Mario (9.6M)

  • Batman (3.9M)

  • Joker (3.1M)

  • Thor (6.2M)

  • Elsa (2.9M)

Yes, even a magical ice queen made it onto the hacker’s dictionary.

Our Favourite Animals?

  • Lion (9.8M)

  • Fox (7.8M)

These majestic creatures might be noble, but they’re not secure.

Love, Tea, and Swear Words

  • Love” appears in 87 million passwords.

  • Tea – our national treasure – is in 36 million!

  • And surprisingly (or not), words like “ass” (165M), “fuck” (16M), and “shit” (6.5M) are extremely common.

Seems like when people get frustrated with password rules, they get… expressive.

The Human Factor: Names, Cities, and Seasons

We seem to really love personal and familiar things:

  • Ana is the most-used name (178.8M times).

  • Rome is the top city (13M).

  • Summer (3.8M) leads the seasons, while May (28M) and April (5.2M) dominate the months.

  • Monday is weirdly the most popular weekday (800,000).

And professions like boss, cook, and hunter show up in millions of passwords. Is that confidence or wishful thinking?

Big Brands in Passwords: Not a Great Idea

Believe it or not, some people think referencing tech giants will protect them:

  • Google – 25.9M passwords

  • Facebook – 18.7M

  • Kia – 12.7M (your guess is as good as mine)

Why This Matters (and What You Should Do About It)

With only 6% of passwords being unique, dictionary attacks and credential stuffing become a walk in the park for bad actors. If your password is on one of these lists, your account could be next.

Top Tips for Better Passwords:

  1. Use a Password Manager – Tools like Bitwarden, 1Password or KeePass make strong passwords easy.

  2. Avoid Dictionary Words – Even “FrostyTheSnowman1983” isn’t safe if enough people use it.

  3. Go Long and Complex – At least 12 characters, mixing letters, numbers, and symbols.

  4. Don’t Reuse Passwords – Ever.

  5. Turn On 2FA – Always enable two-factor authentication where possible.

The Bottom Line

Your password is often the only thing standing between your private data and a very bad day. The Cybernews report doesn’t just expose poor habits — it’s a stark reminder that humans are the weakest link in cybersecurity.

So, before you set your next password to “GadgetMan2025”, take a moment. You’re worth a better lock on your digital door.

Matt Porter – The Gadget Man

Have you checked your passwords recently? Would you like me to review any password manager tools for you next?