this post was submitted on 22 Nov 2025
67 points (98.6% liked)

Technology

40799 readers
528 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:

This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 3 years ago
MODERATORS
remington@beehaw.org
alyaza@beehaw.org
TheRtRevKaiser@beehaw.org
gyrfalcon@beehaw.org
rs5th@beehaw.org
coldredlight@beehaw.org
SemioticStandard@beehaw.org
67
Top 200 Most Common Passwords | NordPass (nordpass.com)
submitted 1 week ago by otters_raft@lemmy.ca to c/technology@beehaw.org
36 comments fedilink hide all child comments
 

Seven years since our first top 200 common passwords list, we’ve witnessed how credential trends have changed — and what has remained the same. Each year, we rediscover people’s tendency to opt for weak passwords that prioritize convenience over security.

However, this year, we decided to ask ourselves: How do different generations treat their password use? From the silent generation to the “zoomers,” we analyzed which passwords are the most common among different user groups. As it turns out, bad password habits are trendy no matter how old you are.

you are viewing a single comment's thread
view the rest of the comments
[–] SanctimoniousApe@lemmings.world 2 points 1 week ago (1 children)

Methodology

The Top 200 Most Common Passwords report is the result of a joint effort between NordPass and NordStellar, prepared in collaboration with independent researchers specializing in cybersecurity incidents. Recent public data breaches and dark web repositories were analyzed from September 2024 to September 2025 to identify statistically aggregated data. No personal data was acquired or purchased for this research.

Okay, so how valid is this really if they're only using those passwords that were hacked?

[–] t3rmit3@beehaw.org 9 points 1 week ago (1 children)

It's very valid. The password dumps they're analyzing aren't based on attackers brute-force, they're based on attackers breaching sites' backends and dumping the user databases. Some of these are sites with millions of records, and when you look at credential-stuffing lists (which are aggregate lists of currently-accessible accounts using previously-breached credential pairs), it adds millions more.

Sort this list by year, and you can see there's tens of millions of leaked passwords in 2025 alone: https://haveibeenpwned.com/PwnedWebsites

[–] SanctimoniousApe@lemmings.world 5 points 1 week ago

That makes sense, thank you.