Do you think that you have strong passwords? Are you sure about it? A new study examined more than 200 data breaches between April 2024 and 2025 and found 19,030,305,929 newly exposed passwords. That is more than twice the population of the whole world.
It is quite an interesting analysis to read, both to understand the password behavior of human beings and maybe to reconsider our own passwords.
https://bit.ly/3F4HVOR
Headlines:
"...Lazy keyboard patterns, such as 123456, still reign supreme, and 94% of passwords are reused or duplicated, data leaks from 2024-2025 reveal. Names like Ana rank as the second most popular component."
"'We’re facing a widespread epidemic of weak password reuse. Only 6% of passwords are unique, leaving other users highly vulnerable to dictionary attacks...'"
"Key takeaways
- Most people use 8–10 character passwords (42%), with eight being the most popular.
- Almost a third (27%) of the passwords analyzed consist of only lowercase letters and digits.
- Passwords composed of profane or offensive words might seem rare, but they're actually very common in practice.
- Despite years of being called out, default and 'lazy' passwords like 'password', 'admin', and '123456' are still a common pattern."
"The analyzed dataset contains exposed credentials from leaks or breaches that happened in a 12 month period starting with April 2024.
The data included leaked databases, combolists, and stealer logs originating from around 200 cybersecurity incidents. Only data that became publicly available was analyzed.
The leaks exposed a total of 19,030,305,929 (19 billion) passwords. Only 1,143,815,266 (6%) (1 billion) of passwords were identified as unique."
"It’s no surprise that you’ll find '1234' in almost 4% of all passwords – over 727 million passwords use this sequence. Extending it by two additional numbers, to '123456', leaves 338 million passwords using it. 'Password' and '123456' have been the most popular passwords at least since 2011."
"Many systems originally provide these defaults, such as routers with 'admin/admin' or phones with 1234 PINs. Users either never change them or even recycle these passwords elsewhere themselves."
"'Many users choose a name as part of their password. We cross-referenced the dataset with the 100 most popular names of 2025 and found that there’s a whopping 8% chance for them to be included as part of a password,' the researcher explains.
Ana was the most popular, used in almost 1%, or 178.8M passwords. This short component naturally appears in many other common words, such as 'banana' (used in 3.7M passwords).
Many users opt for passwords inspired by positive, uplifting concepts. Words like love (87M), sun (34M), dream (6.1M), joy (6.9M), and freedom (2M) dominate the positive wordlist.
Some of the most frequently used pop culture terms in passwords include Mario (9.6M), Joker (3.1M), Batman (3.9M), Thor (6.2M), and, surprisingly, Elsa (2.9M) from Disney’s 'Frozen'.
'Positive associations, admired characters, and nostalgia make people feel familiar and are easy to recall. However, popularity becomes predictability, exploited by attackers,' the researcher explains.
Swear words are also very common in passwords. The top entry, ass (165M), can be partly explained by the use of 'pass' or 'password'. However, users often craft their passwords using fuck (16M), shit (6.5M), dick (3.2M), and bitch (3.2M)."
"Other top-most frequently used words in passwords include countries, cities, US states, food, popular brands, nature, animals, or even seasons or months.
The most popular city for passwords is Rome (13M), while 9.8M passwords include lion and 7.8M – fox. Summer (3.8M) is the most popular season, and users seem to prefer Monday (0.8M) the most to protect their accounts."
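
As an added example (not part of the study or of the original post), here is a small screening function that a sign-up or password-change form could run to flag candidates built from the components quoted above. The word lists contain only terms named in the quotes; the category names, the function name and the sample passwords are this example's own.

```python
import re

# Components the quoted study reports as common in leaked passwords.
# The grouping into categories is an assumption of this example.
COMPONENTS = {
    "lazy/default": ["1234", "123456", "password", "admin"],
    "name": ["ana"],
    "positive word": ["love", "sun", "dream", "joy", "freedom"],
    "pop culture": ["mario", "joker", "batman", "thor", "elsa"],
    "place/animal/season/day": ["rome", "lion", "fox", "summer", "monday"],
}

# Matches passwords made of lowercase letters and digits only (both present),
# the composition class the study attributes to 27% of passwords.
LOWER_DIGIT_ONLY = re.compile(r"(?=.*[a-z])(?=.*[0-9])[a-z0-9]+")


def audit_password(candidate: str) -> list[str]:
    """Return the study-reported traits found in candidate (empty list = none)."""
    findings = []
    if LOWER_DIGIT_ONLY.fullmatch(candidate):
        findings.append("only lowercase letters and digits")
    lowered = candidate.lower()
    for category, words in COMPONENTS.items():
        # Substring match on purpose: short components hide inside longer
        # words, as the study notes for 'ana' inside 'banana'.
        hits = [w for w in words if w in lowered]
        if hits:
            findings.append(f"{category}: {', '.join(hits)}")
    return findings


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any leak.
    for sample in ["banana123456", "Admin", "Summer2024", "T7#vQ!zr@Lp2&Wx9"]:
        print(f"{sample!r}: {audit_password(sample) or 'no listed trait found'}")
```

An empty result only means none of the listed components matched; it does not show that the password is unique or absent from a breach corpus.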