Comparitech researchers have collected over 2 billion passwords from real accounts that were published on forums as a result of data leaks in 2025.
Comparitech researchers have collected over 2 billion passwords from real accounts that were published on forums as a result of data leaks in 2025.
According to the materials of this British research company, which publishes reports on cybersecurity, data privacy, and internet censorship, the most common passwords in 2025 are still the most primitive and banal ones — such as 123456, admin, and password.
In general, the top 20 most popular passwords look like this:
The table from the study lists the 100 most common passwords overall, along with the number of times each appeared in the data set analyzed by the company.
The company also notes that a quarter of the 1,000 most popular passwords consisted exclusively of numbers, and 38,6% contained the string of numbers 123. Similarly, 3,1% contained the string of letters abc.
Many common passwords are made up of a single character. For example, «111111» is the 18th most common password. These numbers and letters are often combined with similarly weak words like password, admin, and qwerty.
The word «minecraft» is the 100th most common password in the dataset, occurring nearly 70,000 times, plus another 20,000 times with the alternate case of «Minecraft.» For comparison, «123456» occurred 7.6 million times.
In its report, Comparitech recalls that most experts recommend using a password that is at least 12 characters long, but 65,8% of the passwords analyzed had fewer than 12 characters.
For the study, Comparitech collected over 2 billion credentials from data leak forums on Telegram and other channels. At the same time, the researchers anonymized the data to remove any personal information.
Recall that in the summer, a Google database hack put 2.5 billion Gmail accounts at risk. At that time, experts advised changing passwords immediately.
We also wrote that the password «123456» to McDonald’s AI bot for hiring staff could have exposed the data of over 60 million people.
