19 Billion Passwords Exposed, 'Lazy' Ones Leading To 'Dictionary Attacks', Finds Study

Lazy passwords like “password”, “admin” and “123456” are still frequently used despite warnings, the study revealed.


There is an epidemic of weak passwords being reused, and people are still using lazy patterns like 123456, which not only makes passwords easier for cybercriminals to crack but also leads to “dictionary attacks” and security breaches, according to a study by Cybernews.

Over 19 billion passwords have been exposed by more than 200 data breaches and leaks since April 2024, and they are accessible to anybody online, the study noted.

The study analysed a total of 19,030,305,929 passwords from breaches or leaks that occurred over the past year, with only 1,143,815,266 (6%) of passwords identified as unique. 

Duplicate And ‘Lazy’ Passwords Common

Research found that 94% of passwords are reused or duplicated, and 42% of users choose passwords with 8–10 characters, with eight being the most common length. This comes despite Internet users being advised to use a 12-character password; unfortunately, they choose ones that are easier to remember.

Lazy passwords like “password”, “admin” and “123456” are still frequently used despite warnings. It is not surprising that “1234” appears in over 4% of all passwords, more than 727 million of them. Adding two more digits to make it “123456” results in 338 million passwords that use it. Since 2011, “password” and “123456” have been the most widely used passwords, as per the study.

The second most common element in passwords was people’s names. When Cybernews cross-checked the dataset with the most popular names of 2025, it found that 8% of names were likely to be used in passwords.

'Dictionary Attacks'

Data revealed that 27% of passwords were made up entirely of lowercase letters and numbers. Nearly 20% of unique passwords contained no special characters, only a combination of capital letters and digits. This increases their susceptibility to dictionary and brute-force attacks.

Cybercriminals also make entries such as ‘password’ (totalling 56 million) and ‘admin’ (totalling 53 million) their primary target, preying on people’s predictability.  

With people using weak passwords and reusing them over and over again, cybercriminals leverage credential dumps from publicly accessible info-stealers to carry out credential-stuffing attacks.

While cybercriminals can misuse popular password patterns even in the absence of a compromise, reusing passwords across platforms can have a cascading effect, allowing a breach in one system to jeopardise the security of other accounts.
