How are passwords looking in 2025?

In a sobering deep dive into more than 19 billion newly exposed passwords, a recent Cybernews study has confirmed… we’re still terrible at choosing passwords. The report uncovers a global epidemic of weak, reused, and predictable passwords. In this blog, we’ll go over a summary of the findings Cybernews made, and try to uncover why this is still a problem.

The Passwords Landscape, Today

One of the most alarming revelations from the study is that a staggering 94% of all analysed passwords were either reused or duplicated. That leaves only 6% of passwords unique. Quite a surprising figure, right?

Keyboard patterns like “123456” continue to dominate, with variations like “1234” showing up in nearly 4% of all passwords. Of course, we can’t forget that the word “password” itself is still holding strong in the top ranks, along with the default “admin”. Hopefully, we’d assume that this isn’t so common in businesses, as they should each have a strong password policy for staff to adhere to. However, individuals are at just as much risk of businesses online, so we should all be setting ourselves the same policy.

A Typical Password in 2025?

The data that Cybernews found demonstrates very old and classic password creation habits:

• The majority (42%) of users stick to 8–10 character passwords, with eight characters being the most common.
• Nearly 30% of passwords consist of just lowercase letters and numbers.

Why does the cycle continue?

Thanks to MANY campaigns over the years, it’s safe to say that pretty much everyone knows that having a weak password is bad, so why are we still making them? Here are the two main reasons we can think of:

• Inconvenience- No doubt about it, you wouldn’t have to worry about remembering your several passwords for each online account you have, if you just had one that was “password”. Not to mention how long it’d take to type out a 15-character-long password, the horror! Temptation is a killer when it comes to passwords, so what’s the solution? Password managers are a safe bet, you can make as complex a password as you want without the risk of forgetting it.

• Underestimation- Sure, you’ve probably seen a story or two about a company being hacked, but why would it happen to you? After all, you’re one person in 8 billion; the chances of you being a target seem impossible, right? Unfortunately, this is not exactly true. The tools that hackers use to breach passwords have advanced significantly. In 2023, brute-forced attacks were guessing between 10,000 to 1 billion passwords a second. You don’t have to be a company like Amazon to fall victim to malicious users.

The Way Forward: More Than Just Strong Passwords

The truth is, we all know what we should do when making a password. Hackers are getting upgrades for their tools every day, so we need to up the ante, too.

We hope you’ve liked this blog and stick around to see our future releases. We cover everything from recent IT News to knowledge base articles. Stay safe!