Although the current level of technology is unprecedentedly advanced, many users around the world are still stuck in the 1990s when it comes to password security. The latest study on the most commonly used passwords once again shows that many people still regard numerical sequences such as "123456" as the most secure credentials, with "123456" continuing to top the list of the most commonly used passwords.

This latest list of "most common passwords" was released by technology research and evaluation website Comparitech. The research team combed through more than 2 billion real account passwords leaked on data leakage forums in 2025, and counted the 100 most frequently used passwords.

The top twenty on the list are all usual "suspects": the top three are "123456", "12345678" and "123456789", "admin" ranks fourth, "password" ranks eighth, and the extremely simple "123" also enters the top ten. No. 20 is equally surprising, "1111". In addition, "****" ranks 35th, and "gin" ranks 29th. The password "123456" appears 7.6 million times in a total of 2 billion data. "Minecraft" ranked 100th, also appearing nearly 70,000 times, while "Minecraft" and other variants were also found in 20,000 times.

Another "different" high-frequency password is "India@123", ranked 53rd.

Comparitech further analyzed the list data, which they called a "window of human laziness": a quarter of the top one thousand passwords were composed entirely of numbers; 38.6% of passwords contained the string "123", 2% of passwords contained "321" in reverse order, and 3.1% contained "abc". Many popular passwords are simple repetitions of a single character.

Security experts recommend that passwords be at least 12 characters long to improve security, but 65.8% of passwords on the list do not meet this standard; 6.9% of passwords are less than 8 characters, and only 3.2% of passwords exceed 16 characters.

Although modern people are increasingly using browser password managers or third-party password management software, these solutions are not absolutely secure, but they are obviously much stronger than using "123456" or repeatedly using the same password on multiple platforms. Two-step verification is also recommended to further enhance account security.

Not only are ordinary users using weak passwords, some well-known institutions are not immune as well. It was reported this week that the Louvre Museum's video surveillance system actually uses "LOUVRE" as the password and is still running Windows 2000.

No matter how informatization advances, the risk of weak passwords still exists widely, and security awareness needs to be improved urgently.