Your password probably isn’t as secure as you think.
A new study from Cybernews reveals a staggering 19 billion passwords have been leaked online through more than 200 data breaches since April 2024 — and most of them are weak, reused, or embarrassingly easy to guess.
After analyzing the dataset, Cybernews researchers found that only 6% of passwords were unique. That means nearly all others had been reused across multiple accounts or relied on predictable, easily crackable patterns.
The Worst Offenders
The most common passwords in the leaked data should look painfully familiar:
- “123456” – used 338 million times
- “password” – 56 million instances
- “admin” – 53 million uses
“These ‘default’ passwords remain one of the most dangerous trends we see,” said Neringa Macijauskaitė, an information security researcher at Cybernews. “Hackers prioritize them because they work.”
The study also uncovered that many people still use first names, particularly popular ones. In fact, 8% of passwords contained names from the top 100 baby names of 2025.
And then there’s the curious trend of vulgarity: 16 million passwords included a certain well-known four-letter word, adding little more than false bravado to weak credentials.
Why Your Password Might Be Easy to Crack
Around one-third of all reviewed passwords used only lowercase letters and digits, and nearly 20% mixed cases and numbers but lacked symbols. While slightly better, these still fall short of resisting modern dictionary attacks, where hackers use vast databases of common words and phrases to brute-force their way in.
Only about 1 billion of the 19 billion passwords were considered strong enough to resist these attacks.
“We’re facing a widespread epidemic of weak password reuse,” said Macijauskaitė. “For most users, their security depends entirely on whether two-factor authentication is enabled — if at all.”
How to Create a Strong Password
Given how quickly hackers can now exploit weak credentials, your best defense is a strong, unique password for every account. Here’s how to build one:
✅ Use at least 14–18 characters
✅ Include uppercase and lowercase letters
✅ Add numbers and special symbols
✅ Avoid names, common words, or personal details
If you find it difficult to remember complex passwords, get a password manager. These tools securely store your credentials and generate strong passwords for each site.
Don’t Stop at Strong Passwords
- Enable multi-factor authentication (MFA) on every account that supports it. This adds a critical extra layer of protection.
- Use biometric logins or passkeys where available.
- And yes — it should go without saying, but: never share your password with anyone.
In a world of increasingly sophisticated cyberattacks, your password might be the last thing standing between you and a digital disaster. Make it count.
Data-Security-Data-Breach-Cybersecurity-Hacking-Picture-on-Flickr-by-Blogtrepreneur
