KNOWNHOST BLOG

Most Hackable Passwords

Passwords are paramount to making sure that your data stays private and secure. However, the risks of a weak password could mean a serious data breach, with an average data breach in 2024 costing $4.88 million, which is a 10% increase from 2023. As 2025 unfolds, it is important to ensure that your passwords are not within popular lists and can be trusted to keep your data safe.

Here at KnownHost, we conducted a study to investigate the most used passwords and how likely they are to be hacked based on how many times the password has been seen in recorded data breaches.

Most Hackable Passwords

password table

From the table, we can see that the top five most hackable passwords have a combination of consecutive numbers from 1 to 9, the first of which is ‘123456’. This password has been used over 3 million times and has been involved in over 50 million data breaches. This is significantly more than second place, with ‘123456789’ which has been used 1.6 million times and involved in 20.5 million data breaches. In third, ‘1234’ has ranked highly due to the length of only four characters. This password can also be cracked in less than a second, along with the other passwords included in the top ten.

The most hackable letter password is ‘password’ in sixth place, which has been used 692,000 times and been involved in 11 million data breaches, the third highest across the top 10. This is followed by ‘admin’ in eighth place which has been used nearly 250,000 times and has been involved in nearly 5 million data breaches.

In 10th position is the only combination password of letters and numbers with ‘abc123’ which has been used 331,000 times and involved in 4.2 million data breaches.

Most Common Password Patterns

most common password patterns

Across the 200 passwords used in this study, the password sequences only contain letters and numbers, either solely or a combination of both. Notably, none of the passwords include special characters. 65.5% of all the global top 200 passwords are a combination of both, followed by only letters with 23.5% and then only numbers with 11% of all passwords.

password facts

From this, we can see that combinations are the most likely passwords to be used globally, whilst only numbers are the most likely to be involved in data breaches.

Most Common Password Lengths

most common password lengths

The character length for the global top 200 passwords varies between 4 characters to 15 characters, with the most common being eight characters long with 20.5% of all passwords ranked. The least common length was the shortest with 4, with only 0.5% across all passwords.

Methodology

For this study, the top 200 passwords used worldwide were seeded from NordPass. These were then loaded into PwnedPwnedPwned to check the frequency of these passwords being hacked, with data breach data spanning from 2007 to 2025. From this, the passwords were then standardized using minmax normalisation. The minmax normalisation value is multiplied by 10 to create a score (between 1-10). A score of 10 is always the best result and this was used to find the new ranking for the most hacked passwords across the globe.

Sources:

Related posts:

  1. What is Server Virtualization & How Does it Work?
  2. How Google, Yahoo & Apple Changed Their Email Authentication Requirements
  3. Fully Qualified Domain Name (FQDN) Meaning
  4. What does the .io internet domain mean?