Overview
- Drawing on passwords exposed in public breaches and dark‑web repositories from September 2024 to September 2025, NordPass and NordSteller identified global usage patterns across 44 countries.
- Globally, "123456" ranked first yet again, while "admin" placed second and remains a common default that often goes unchanged.
- In the United States, "admin" led the rankings, with "password" and simple numeric sequences also appearing prominently in the top 10.
- NordPass noted a modest shift toward special characters, with 32 of the 200 most common global passwords including symbols such as @, up from six the year before.
- The report urges 20‑character‑plus unique passwords, multi‑factor authentication, and the use of password managers, which the UK’s National Cyber Security Centre endorses for creating and storing strong logins.