Most Common Passwords Revealed
Despite repeated warnings from cybersecurity experts, millions of internet users continue to rely on simple, easily guessed passwords — with “123456” once again ranked as the world’s most common password.
A new study by Peec AI has analyzed more than 100 million passwords exposed in global data breaches over the past six years, uncovering the most frequently used words, numbers, and phrases. The findings suggest that many people are still neglecting even the most basic online security measures.
Weak Passwords Still Widespread
According to the analysis, “123456” appeared in 6.6 million leaked passwords, while the word “password” was used nearly one million times. Other predictable combinations — including “123456789,” “qwerty,” and “abc123” — also featured prominently in the data.
“Using obvious combinations like 123456 puts your personal information at serious risk,” said Malte Landwehr, Chief Marketing Officer at Peec AI. “Given the volume of passwords leaked each year and the continued rise in phishing and scam reports, strong password security has never been more important.”
Names, Teams, and Pop Culture References Dominate
Peec AI’s research team examined passwords from 10 million users across a range of categories, including names, sports teams, values, and even celebrities.
Among personal names, Michael was the most common, appearing in more than 107,000 passwords, followed by Daniel, Ashley, Jessica, and Charlie.
When it came to sports, Liverpool, Chelsea, Barcelona, Arsenal, and Juventus were the most frequently used team names, while football led the list of sports-related passwords.
Pop culture also continues to influence password choices. Blink–182 appeared in 84,545 breached passwords, while 50 Cent, Eminem, and Justin Bieber were also popular. Fictional characters such as Superman, Batman, Wall–E, Hello Kitty, and SpongeBob rounded out the list.
The Top 10 Most Common Passwords
123456
123456789
111111
password
qwerty
abc123
12345678
password1
1234567
123123
How to Stay Secure Online
Experts continue to stress that longer, more complex passwords remain the best defence against cyberattacks.
“You should aim for a password that’s at least 12 characters long and includes a mix of uppercase and lowercase letters, numbers, and special characters,” Landwehr advised. “Avoid predictable patterns like ‘12345’ or ‘qwerty,’ and never use personal information such as names, birthdays, or pets.”
He also warned against reusing the same password across multiple platforms. “If one account is compromised, attackers will often attempt the same password elsewhere,” he said.
Password managers can help users store and generate strong, unique credentials for each account.
Finally, Landwehr urged users to enable multi-factor authentication (MFA) wherever possible.
“MFA adds an extra layer of protection by requiring a second form of verification, such as a temporary code or authenticator app,” he said. “Even if someone gains access to your password, they won’t be able to access your account without that second step.”
The takeaway:
Despite years of cybersecurity warnings, the data shows that millions of people are still choosing convenience over security. Experts say that with strong, unique passwords and the use of MFA, most online accounts can be significantly better protected from attack.