World password day 2025: same story, new year

Here we are again—another World Password Day, and still the most commonly used password is 123456. It’s 2025, and that sequence remains the digital equivalent of leaving your front door wide open with a neon “come on in” sign above it.

Once again, the latest list of the world’s most popular passwords shows depressingly little progress. Most of the entries haven’t changed in over a decade, despite endless warnings from cyber security experts, national awareness campaigns, and high-profile data breaches.

While World Password Day is vital for reminding the public of password best practices, businesses need to take this further: every day should be password day in a corporate environment. If your password appears anywhere on that list, you are not just at risk—you’re a target.

The persistence of weak passwords

Year after year, cyber professionals flag up the same patterns, and year after year they’re ignored. Take a look at the most common passwords of 2024 and ask yourself: are we really learning anything?

• Basic sequences like “password”, “123456”, and “qwerty” still top the charts.
• Simple repetition remains widespread—think “111111” or “abc123”.
• Personal information such as names, birthdays, or even the name of your employer continues to be used, despite how easily this data can be harvested online.

Weak passwords are no joke. As threat actors continue to use more advanced tools and AI-assisted brute force methods, it's often the simplest attack vectors that work best. Guessing a weak password is still one of the most effective ways into a network.

What makes a good password in 2025?

It’s a myth that strong passwords need to be overly complicated. In reality, the best passwords are long, unique, and unpredictable. Here’s what to focus on:

• Length matters: Use a passphrase—a string of random, unrelated words. Something like “toastPENGUINbubblewrap93” is far more secure and memorable than “Tr0ub4dor&3”.
• Avoid clichés: Anything that sounds clever probably isn’t. Hackers know all the tricks—like swapping “E” for “3” or “S” for “$”.
• Use tools: Password managers can generate and store complex passwords securely, removing the temptation to reuse the same login across multiple accounts.

Simple actions to strengthen your password security include:

• Change any old or reused passwords to something strong and unique
• Enable two-factor authentication (2FA) wherever possible
• Password protect your home Wi-Fi router
• Don’t store passwords in plain text on your device
• Log out of applications when not in use
• Regularly clear cached data and temporary internet files

Weak passwords have real-world consequences

For individuals, a weak password might mean identity theft or losing access to important accounts. For businesses—especially small to medium-sized ones—it could mean data breaches, regulatory fines, reputational damage, or even total operational shutdown.

This World Password Day, use the moment to reflect. The cyber threats we face in 2025 are more sophisticated, more relentless, and more damaging than ever before. But the good news is, password security remains one of the most controllable aspects of cyber hygiene.

Don’t wait until it’s too late. If your organisation needs help improving its cyber security posture, speak to our experts today.